zlacker

[return to "Toward a Reasonably Secure Laptop"]
1. HugoDa+bg[view] [source] 2017-07-11 14:05:02
>>doener+(OP)
"Finally, we are going to require that Qubes-certified hardware does not have any built-in USB-connected microphones (e.g. as part of a USB-connected built-in camera) that cannot be easily physically disabled by the user, e.g. via a convenient mechanical switch. However, it should be noted that the majority of laptops on the market that we have seen satisfy this condition out of the box, because their built-in microphones are typically connected to the internal audio device, which itself is a PCIe type of device. This is important, because such PCIe audio devices are – by default – assigned to Qubes’ (trusted) dom0 and exposed through our carefully designed protocol only to select AppVMs when the user explicitly chooses to do so."

This made me download Qubes. Amazing project that seems to care.

◧◩
2. pmoria+pv[view] [source] 2017-07-11 15:53:47
>>HugoDa+bg
I personally would not trust any laptop with an internal microphone at all.

If a laptop does have an internal microphone, I just assume it is on and recording.

◧◩◪
3. raesen+Yw[view] [source] 2017-07-11 16:05:11
>>pmoria+pv
Does that mean you assume that all the firmware/devices on your laptop are compromised, or just the microphone?
◧◩◪◨
4. pmoria+Lx[view] [source] 2017-07-11 16:11:02
>>raesen+Yw
I also assume the camera is compromised, and like to put tape over it when I'm not using it.

Other than that, I don't assume any other part of the laptop is compromised, but maybe I should. Thanks for asking this thought-provoking question.

◧◩◪◨⬒
5. raesen+zz[view] [source] 2017-07-11 16:23:12
>>pmoria+Lx
no worries :) I'm kind of interested, because lack of trust in microphones/cameras specifically on laptops is a theme I've seen commonly expressed by people in general IT and IT security.

My thinking on the subject was roughly that for an attacker to have the ability to spy on me via that mechanism would strongly imply that they already have privileged access to my computer (to be able to active the device and exfiltrate the data).

At that point, personally, I'm far more worried about the data they'd get from my keyboard (specifically credentials for various systems) than I am about them being able to see me sit at a desk.

◧◩◪◨⬒⬓
6. kbenso+Vn1[view] [source] 2017-07-11 22:16:37
>>raesen+zz
Home laptops aren't just used at desks. People use them in the bed, or other places in the house where they have an expectation of privacy.

They may have my data if I'm compromised, that doesn't mean I want them to have embarrassing video or audio of me as well.

[go to top]