Is your VirtualBox reading your E-Mail? Reconstruction of FrameBuffers from VRAM

Discussion in 'privacy problems' started by TheWindBringeth, Mar 22, 2015.

  1. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    https://hsmr.cc/palinopsia/

     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Two take-homes:
    1) don't use 3D acceleration in VMs
    2) always power cycle after Tails

    Edit:
    3) don't use the host or other VMs for "true-name" stuff
     
    Last edited: Mar 23, 2015
  3. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,149
    Location:
    UK
    I had a look at coding GPUs for confidential information, and realised: Noooooo. They have no concept of memory protection or processes not interfering with each other. So, consequently, anything in the GPU memory is potentially available for anything that wants it. The more direct access the VM has to the card (necessary for performance reasons), the easier it is to get this.
     
  4. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    Thanks for your reporting. For me good enough reason to disable GPU acceleration in browsers and plugin too. I've been disabled it for fairly a time and see no performance down.
     
  5. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    Hmm. Might full emulation be any better? A lot of things run decently in Qemu, without hardware acceleration; given enough RAM and a fast enough CPU on the host.

    GMail would be slow as all heck to browse from Qemu, though. :(

    Edit: also Qemu doesn't have any kind of switch for the amount of virtual VRAM, last I checked. Modern OSes need a LOT of VRAM.
     
  6. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I have to wonder if 3D acceleration isn't also disabled on the host, is it disabled at all?
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Good point. That's easy enough to test. But I can't. My VM hosts use onboard video ;)
     
Loading...