Il 04/12/2016 20:05, HW42 ha scritto: > Patrick Schleizer: >> Recent security research shows that soundcards support surreptitiously >> switching line-out jacks into line-in by modifying the software stack. >> The way modern speakers and headphones are designed makes them readily >> usable as microphones. The Intel High Definition (HD) Audio standards >> which all modern consumer soundcards are based mandates this. > >> https://arxiv.org/ftp/arxiv/papers/1611/1611.07350.pdf > >> Does anyone know if XEN's emulated sound devices follow this standard? >> If yes then a malicious guest that can modify the virt sound hardware >> can turn PC speakers into surveillance devices even if the microphone is >> disabled on the host. > >> Asked on xen list: >> https://lists.xen.org/archives/html/xen-users/2016-12/msg00008.html > > I don't know how other virtual sound support for Xen works. Qubes uses a > custom PulseAudio based solution which streams raw audio data via vchan. > A VM has (or should have) no control over the sound card configuration in > dom0 there. See gui-{daemon,agent-linux}/pulse >
i don't know about qubes os, but on desktop computer this should not be a problem, you can switch the output to input but speakers has also an amplifier out of computer control and dessigned only as output, this means that also if speakers can be used as mic, signal doesn't pass the ampli. this is theorical (and makes sense) but i'm planning to do a check with an oscilloscope, if someone is really interested. same *should* apply to notebook computer. the reasearch talks about headphones in fact they doesn't have an amplifier so you can directly use it's signal. (you can do the same with LED: i cloned ir remote with led connected to mic input, rec & play). it's a bit paranoid discussion but given the recent research like this: "Don't Skype & Type" https://arxiv.org/pdf/1609.09359.pdf i have also added a switch for webcam & mic and was planning to update my (paranoid?) guide due to this new research. http://www.instructables.com/id/My-1-antispyware-that-can-beat-billion-dollar-stat/ -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/0651f3f5-b014-bad4-5169-de54521bf83c%40posteo.net. For more options, visit https://groups.google.com/d/optout.
