Turn Speakers to Microphones?
76 views
Skip to first unread message
Patrick Schleizer
Dec 4, 2016, 1:36:43 PM12/4/16
to qubes...@googlegroups.com
Recent security research shows that soundcards support surreptitiously
switching line-out jacks into line-in by modifying the software stack.
The way modern speakers and headphones are designed makes them readily
usable as microphones. The Intel High Definition (HD) Audio standards
which all modern consumer soundcards are based mandates this.
https://arxiv.org/ftp/arxiv/papers/1611/1611.07350.pdf
Does anyone know if XEN's emulated sound devices follow this standard?
If yes then a malicious guest that can modify the virt sound hardware
can turn PC speakers into surveillance devices even if the microphone is
disabled on the host.
Asked on xen list:
https://lists.xen.org/archives/html/xen-users/2016-12/msg00008.html
switching line-out jacks into line-in by modifying the software stack.
The way modern speakers and headphones are designed makes them readily
usable as microphones. The Intel High Definition (HD) Audio standards
which all modern consumer soundcards are based mandates this.
https://arxiv.org/ftp/arxiv/papers/1611/1611.07350.pdf
Does anyone know if XEN's emulated sound devices follow this standard?
If yes then a malicious guest that can modify the virt sound hardware
can turn PC speakers into surveillance devices even if the microphone is
disabled on the host.
Asked on xen list:
https://lists.xen.org/archives/html/xen-users/2016-12/msg00008.html
HW42
Dec 4, 2016, 2:06:50 PM12/4/16
to Patrick Schleizer, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Patrick Schleizer:
I don't know how other virtual sound support for Xen works. Qubes uses a
custom PulseAudio based solution which streams raw audio data via vchan.
A VM has (or should have) no control over the sound card configuration in
dom0 there. See gui-{daemon,agent-linux}/pulse
-----BEGIN PGP SIGNATURE-----
iQJDBAEBCgAtFiEEqieyzvOmi9FGaQcT5KzJJ4pkaBYFAlhEaQ8PHGh3NDJAaXBz
dW1qLmRlAAoJEOSsySeKZGgWkEIP+QEJ4nOHL0TjPhCms2k9i7Cnxq8j59skAEBG
sO5Pg9iH3bBWVYhEFa0qtWSWsc3IjFfu6RUOvDJNrsW/5wkxqcyOIYPDq4KBlq1+
XApfXhiQ7dZy6SzcmrCJbZi/GWZJ88AWuzqFxJm4T+iP2rmaHn0IigxCsqh/zX1o
l40wZMUq8QILS2CkwLy1gOY2U0/Xc5GNxZDu+Jst8GDq/fJ3n40sJaSzroXgSYbX
IjTHBsGmMmCe7qfQESK9+DJA9C4gvEzUwgRs+ztEmil7Z4vD7f3/fu8VPZuQbl/S
sQP1xU+Drwa2s2Hl3yQWgTzBWHtil44UguQnFgWZVtEEUJqSI8CIoKJXkXm6TitK
CYNvJ0Ar404lJx2OiR9MnXGB5r9W8eIIEUxOAYNhtJUoBsk5X0hXYi+Mi0hoRS1p
utRObmqczsxiXfK44e8tADSEuACpl3UsEJ2YHk/Qq7DlJqm4XXYfi88PJQ9Q+/DL
ycghxOv6272V6GT91KDqHiX0rP3CjhSGxa/JeBtKxss9giBnWLCJ02a1Dc7YDcmr
jDxBVm2wvAOXuRMt8VnR08jXMHTXyr1FVXjrUpimH0mwfRJmEijTStS3v0cL0jOx
MvsTVU3SwWAa/nAcTTNP9Z/qUm4odJqGHCDsKje0mrYwk7lS+gJi9ZE+Vuo7v3Ri
WDTE1UTs
=rWJM
-----END PGP SIGNATURE-----
Hash: SHA512
Patrick Schleizer:
custom PulseAudio based solution which streams raw audio data via vchan.
A VM has (or should have) no control over the sound card configuration in
dom0 there. See gui-{daemon,agent-linux}/pulse
-----BEGIN PGP SIGNATURE-----
iQJDBAEBCgAtFiEEqieyzvOmi9FGaQcT5KzJJ4pkaBYFAlhEaQ8PHGh3NDJAaXBz
dW1qLmRlAAoJEOSsySeKZGgWkEIP+QEJ4nOHL0TjPhCms2k9i7Cnxq8j59skAEBG
sO5Pg9iH3bBWVYhEFa0qtWSWsc3IjFfu6RUOvDJNrsW/5wkxqcyOIYPDq4KBlq1+
XApfXhiQ7dZy6SzcmrCJbZi/GWZJ88AWuzqFxJm4T+iP2rmaHn0IigxCsqh/zX1o
l40wZMUq8QILS2CkwLy1gOY2U0/Xc5GNxZDu+Jst8GDq/fJ3n40sJaSzroXgSYbX
IjTHBsGmMmCe7qfQESK9+DJA9C4gvEzUwgRs+ztEmil7Z4vD7f3/fu8VPZuQbl/S
sQP1xU+Drwa2s2Hl3yQWgTzBWHtil44UguQnFgWZVtEEUJqSI8CIoKJXkXm6TitK
CYNvJ0Ar404lJx2OiR9MnXGB5r9W8eIIEUxOAYNhtJUoBsk5X0hXYi+Mi0hoRS1p
utRObmqczsxiXfK44e8tADSEuACpl3UsEJ2YHk/Qq7DlJqm4XXYfi88PJQ9Q+/DL
ycghxOv6272V6GT91KDqHiX0rP3CjhSGxa/JeBtKxss9giBnWLCJ02a1Dc7YDcmr
jDxBVm2wvAOXuRMt8VnR08jXMHTXyr1FVXjrUpimH0mwfRJmEijTStS3v0cL0jOx
MvsTVU3SwWAa/nAcTTNP9Z/qUm4odJqGHCDsKje0mrYwk7lS+gJi9ZE+Vuo7v3Ri
WDTE1UTs
=rWJM
-----END PGP SIGNATURE-----
Matteo
Dec 5, 2016, 12:49:42 PM12/5/16
to qubes...@googlegroups.com
Il 04/12/2016 20:05, HW42 ha scritto:
> Patrick Schleizer:
>> Recent security research shows that soundcards support surreptitiously
>> switching line-out jacks into line-in by modifying the software stack.
>> The way modern speakers and headphones are designed makes them readily
>> usable as microphones. The Intel High Definition (HD) Audio standards
>> which all modern consumer soundcards are based mandates this.
>
>> https://arxiv.org/ftp/arxiv/papers/1611/1611.07350.pdf
>
>> Does anyone know if XEN's emulated sound devices follow this standard?
>> If yes then a malicious guest that can modify the virt sound hardware
>> can turn PC speakers into surveillance devices even if the microphone is
>> disabled on the host.
>
>> Asked on xen list:
>> https://lists.xen.org/archives/html/xen-users/2016-12/msg00008.html
>
> I don't know how other virtual sound support for Xen works. Qubes uses a
> custom PulseAudio based solution which streams raw audio data via vchan.
> A VM has (or should have) no control over the sound card configuration in
> dom0 there. See gui-{daemon,agent-linux}/pulse
>
a problem, you can switch the output to input but speakers has also an
amplifier out of computer control and dessigned only as output, this
means that also if speakers can be used as mic, signal doesn't pass the
ampli.
this is theorical (and makes sense) but i'm planning to do a check with
an oscilloscope, if someone is really interested.
same *should* apply to notebook computer.
the reasearch talks about headphones in fact they doesn't have an
amplifier so you can directly use it's signal.
(you can do the same with LED: i cloned ir remote with led connected to
mic input, rec & play).
it's a bit paranoid discussion but given the recent research like this:
"Don't Skype & Type" https://arxiv.org/pdf/1609.09359.pdf
i have also added a switch for webcam & mic and was planning to update
my (paranoid?) guide due to this new research.
http://www.instructables.com/id/My-1-antispyware-that-can-beat-billion-dollar-stat/
Reply all
Reply to author
Forward
0 new messages