Recent security research shows that soundcards support surreptitiously
switching line-out jacks into line-in by modifying the software stack.
The way modern speakers and headphones are designed makes them readily
usable as microphones. The Intel High Definition (HD) Audio standards
which all modern consumer soundcards are based mandates this stupidity.
https://arxiv.org/ftp/arxiv/papers/1611/1611.07350.pdf
Does anyone know if QEMU's emulated sound devices follow this standard?
If yes then a malicious guest that can modify the virt sound hardware
can turn PC speakers into surveillance devices even if the microphone is
disabled on the host. The only solution is completely denying untrusted
VMs access to a virtual sound device.
/CC'd the respective researchers for input on this too.
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list