* ban...@openmailbox.org (ban...@openmailbox.org) wrote: > Recent security research shows that soundcards support surreptitiously > switching line-out jacks into line-in by modifying the software stack. The > way modern speakers and headphones are designed makes them readily usable as > microphones. The Intel High Definition (HD) Audio standards which all modern > consumer soundcards are based mandates this stupidity. > > https://arxiv.org/ftp/arxiv/papers/1611/1611.07350.pdf > > Does anyone know if QEMU's emulated sound devices follow this standard? If > yes then a malicious guest that can modify the virt sound hardware can turn > PC speakers into surveillance devices even if the microphone is disabled on > the host. The only solution is completely denying untrusted VMs access to a > virtual sound device.
I think it's reasonably isolated; the emulated audio controller ends up using normal pulseaudio/alsa etc to talk to your host's audio system - so I don't think it should be able to screw around with low level settings of the codecs. Dave > > -- Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK
