
Hardware Threat Minimization


Microphones

Eavesdropping Risk

The user should check whether the computer or notebook has a microphone. Microphones are often built-in and go unnoticed. In most cases it is recommended to disable the microphone for security reasons. If Whonix-Workstation (anon-whonix) is ever compromised by malware, an adversary could eavesdrop through the microphone. [3] Similarly, keyboard acoustic side channel attacks can use the audio leakage from keyboard typing to infer the words up to a certain degree of accuracy. [4] [5]

Voice Recognition

It is safe to assume that everyone has had an unencrypted phone call during their lifetime and that one of them has been recorded. Voiceprints allow a person to be identified from the specific characteristics (acoustics) of their voice, which makes them a useful biometric marker. [6] This means personal and unique voiceprints can be used to link non-anonymous and "anonymous" voice samples. This process is called voice recognition and is documented in the introduction chapter of the VoIP wiki page. [7]

Disabling or Removing Microphones

By default, microphones that are connected to the host are made available to virtual machines like Whonix-Workstation (except for Qubes-Whonix, see further below).

For best security, external microphones should be unplugged. If the microphone is built-in and the user decides to disable it, there might be a BIOS option available. Suitably skilled users can also attempt to remove built-in microphones, although this is more difficult.

Select Use of Microphones

Multiple Whonix-Workstations should be used for:

  • Making Internet calls.
  • Conducting Voice over IP (VoIP).
  • Any other microphone use inside Whonix-Workstation (anon-whonix).

In this way, the microphone is used in select Whonix-Workstations and not all. The microphone should be unplugged after use.

For VoIP purposes, audio pass-through capability may need to be enabled for the respective hypervisor. The following section documents how to get audio working on supported platforms.

KVM

KVM by default emulates a line-in/line-out in the virtual sound device, meaning microphone passthrough to guests is enabled if it is turned on for the host.

VirtualBox

VirtualBox has access to the host's microphone by default. Users can disable access by muting it on the host. Alternatively, from VirtualBox 5.2 onward there is an option to enable or disable VM guest access to the host's microphone. [8]

When the VM is stopped, run:

VBoxManage modifyvm <uuid|vmname> audioin off

Or, when the VM is up and running, use:

VBoxManage controlvm <uuid|vmname> audioin off
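
An added example (not part of the Whonix wiki) that audits every registered VirtualBox VM for host-microphone access, so the commands above can be applied where needed. It assumes `VBoxManage showvminfo --machinereadable` reports the setting as an `audio_in="on|off"` line; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit VirtualBox VMs for host-microphone (audio input) access.

# Read `VBoxManage showvminfo --machinereadable` output on stdin and print the
# audio-input state: "on", "off", or "unknown" when no audio_in line exists.
# Assumption: the key is written as audio_in="on" or audio_in="off".
audio_in_state() {
    awk -F= '
        $1 == "audio_in" { gsub(/"/, "", $2); state = $2 }
        END { print (state == "" ? "unknown" : state) }
    '
}

# Read `VBoxManage list vms` output ("name" {uuid}) on stdin and print one
# UUID per line, so VM names containing spaces cannot break the loop below.
vm_uuids() {
    sed -n 's/.*{\([0-9a-fA-F-]*\)}[[:space:]]*$/\1/p'
}

# Report every registered VM. Returns 1 if any VM is not confirmed "off";
# an "unknown" state is treated as exposed rather than assumed safe.
audit_audio_in() {
    rc=0
    for uuid in $(VBoxManage list vms | vm_uuids); do
        state=$(VBoxManage showvminfo "$uuid" --machinereadable | audio_in_state)
        printf '%s audio_in=%s\n' "$uuid" "$state"
        [ "$state" = "off" ] || rc=1
    done
    return "$rc"
}

# Constructed sample of machine-readable output, for trying the parser offline.
sample_vminfo() {
    cat <<'EOF'
name="Whonix-Workstation"
audio="pulse"
audio_out="on"
audio_in="on"
EOF
}
```

Source the file on the host and call `audit_audio_in`; any VM not reported as `audio_in=off` is a candidate for the `modifyvm` or `controlvm` command above.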

Qubes

Qubes VM Manager is used to attach or detach microphones to select VMs.

Qubes VM Manager -> Right-click on VM -> Attach/detach audio input device to the VM [9]

Webcams


Webcams on infected machines can be used to take snapshots, record video or eavesdrop using the built-in microphone. Recent research reveals that even remote screen views can be accurately determined via webcams, due to "content-dependent acoustic leakage from LCD screens." [10]

Always check if the computer or notebook has a webcam; one might be built-in, but have gone unnoticed. Check the computer's datasheet and operating system hardware manager to be sure. It is recommended that (external) webcams are disabled or removed, unless there are immediate plans to use one inside Whonix-Workstation (anon-whonix). Once a webcam session has finished, the webcam should be disabled and preferably unplugged straight away.

If the webcam is built-in, check whether it can be disabled with a BIOS setting. Suitably skilled users can attempt to remove built-in webcams, although this may be difficult. As a stop-gap measure, the webcam can always be covered with thick adhesive tape or a cap, so long as it is opaque.

Wireless Input Devices

Avoid using wireless keyboards and mice because most send data unencrypted. Even if this were not the case, the robustness of the cryptography involved in proprietary products cannot be verified. A local adversary up to 100 meters away can sniff keystrokes and inject their own, allowing them to take over the machine. [11] [12]

References

  1. The implant is called CAPTIVATEAUDIENCE, while the webcam equivalent is called GUMFISH.
  2. https://www.wired.com/2014/03/webcams-mics/
  3. One attack vector is the use of spam emails which contain malware.
  4. https://fc16.ifca.ai/preproceedings/21_Anand.pdf
  5. Researchers continue to improve the accuracy of various techniques and attack vectors like feature extraction and classification, keyboard geometry and triangulation.
  6. https://en.wikipedia.org/wiki/Speaker_recognition#Technology
  7. Writing styles are also personal and unique. Individuals can be identified with a similar method called stylometry, which is documented on the Surfing Posting Blogging wiki page.
  8. https://www.virtualbox.org/ticket/12026
  9. Or left-click the microphone button on the Qubes VM Manager toolbar for the specific VM.
  10. This is a novel acoustic side-channel attack variant that relies on neural networks and the "coil whine" audio emissions from electronic components that power the LCD display.
  11. https://www.schneier.com/blog/archives/2016/03/security_vulner_6.html
  12. https://www.schneier.com/blog/archives/2016/08/security_vulner_7.html

License

Whonix Hardware Threat Minimization wiki page Copyright (C) Amnesia <amnesia at boum dot org>
Whonix Hardware Threat Minimization wiki page Copyright (C) 2012 - 2018 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>

This program comes with ABSOLUTELY NO WARRANTY; for details see the wiki source code.
This is free software, and you are welcome to redistribute it under certain conditions; see the wiki source code for details.



Whonix is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Libre Software license as Whonix itself.