From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:33599) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cAN3a-0005xA-MV for qemu-devel@nongnu.org; Fri, 25 Nov 2016 15:25:15 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cAN3W-0000He-OM for qemu-devel@nongnu.org; Fri, 25 Nov 2016 15:25:14 -0500 Received: from smtp14.openmailbox.org ([62.4.1.48]:48242) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1cAN3W-0000CE-Cc for qemu-devel@nongnu.org; Fri, 25 Nov 2016 15:25:10 -0500 Received: from www.openmailbox.org (unknown [10.91.130.51]) by mail2.openmailbox.org (Postfix) with ESMTP id BF307101B28 for ; Fri, 25 Nov 2016 21:25:00 +0100 (CET) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Fri, 25 Nov 2016 21:25:00 +0100 From: bancfc@openmailbox.org Message-ID: <290015b23a9ec5033ee65209882dcbc0@openmailbox.org> Subject: [Qemu-devel] =?utf-8?q?QEMU_soundcards_vulnerable_to_jack_retaski?= =?utf-8?b?bmc/?= List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Recent security research shows that soundcards support surreptitiously switching line-out jacks into line-in by modifying the software stack. The way modern speakers and headphones are designed makes them readily usable as microphones. The Intel High Definition (HD) Audio standards which all modern consumer soundcards are based mandates this stupidity. https://arxiv.org/ftp/arxiv/papers/1611/1611.07350.pdf Does anyone know if QEMU's emulated sound devices follow this standard? If yes then a malicious guest that can modify the virt sound hardware can turn PC speakers into surveillance devices even if the microphone is disabled on the host. The only solution is completely denying untrusted VMs access to a virtual sound device.