Summary: When discussing how to defeat keystroke pattern fingerprinting, it was suggested by Martin that changes could be made at the virt-viewer/spice client level to send keyboard events with randomly preset dwell and gap times. (This feature should take into account that the Guest-side spice server is untrusted.)

https://www.redhat.com/archives/libvir-list/2016-March/msg00578.html
https://www.redhat.com/archives/libvir-list/2016-March/msg00676.html

This proposed feature can be tested against these demo sites:
https://keytrac.net
https://www.behaviosec.com/
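The randomized dwell and gap times proposed above, as an added example (not code from this report, from SPICE/virt-viewer or from any project mentioned here). It assumes a hypothetical client-side hook that sees `(timestamp_ms, key, action)` events before they are sent to the guest; the event list is constructed sample data.

```python
import random

# Constructed sample: (timestamp_ms, key, action) as the client would see them.
SAMPLE_EVENTS = [
    (0, "h", "down"), (95, "h", "up"),
    (140, "i", "down"), (260, "i", "up"),
    (600, "!", "down"), (655, "!", "up"),
]

def obfuscate(events, max_delay_ms=100, rng=None):
    """Re-time events with a random per-event delay of at most max_delay_ms.

    The lower bound of each delay is whatever keeps the event from being
    released before the previous one, so key order is never changed.
    Runs on the trusted (client/host) side; the guest only sees the output.
    """
    rng = rng or random.SystemRandom()  # unpredictable source by default
    out, prev_release, prev_ts = [], 0, 0
    for ts, key, action in events:
        if ts < prev_ts:
            raise ValueError("events must be sorted by timestamp")
        lower = max(prev_release - ts, 0)  # always <= max_delay_ms for sorted input
        prev_release = ts + rng.randint(lower, max_delay_ms)
        prev_ts = ts
        out.append((prev_release, key, action))
    return out

def dwell_and_gap(events):
    """Return (dwell, gap) lists in ms: key hold times, and release-to-next-press times."""
    downs, dwell, gaps, last_up = {}, [], [], None
    for ts, key, action in events:
        if action == "down":
            if last_up is not None:
                gaps.append(ts - last_up)
            downs[key] = ts
        else:
            dwell.append(ts - downs.pop(key))
            last_up = ts
    return dwell, gaps

if __name__ == "__main__":
    print("typed    :", dwell_and_gap(SAMPLE_EVENTS))
    print("as sent  :", dwell_and_gap(obfuscate(SAMPLE_EVENTS)))
```

Each sent dwell or gap differs from the typed one by at most `max_delay_ms`, so pauses much longer than that bound remain visible, and a larger bound costs more input latency.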
Update after reporting this bug in other places: Genode, a microkernel OS, has modified its code and VirtualBox to defeat this. Qubes, a Xen variant, will add a fix to their SPICE daemon equivalent to deal with it. TAILS recognized the need for an OS-level tool to defeat this technique since they run bare metal.
Per my reply on the mailing list, I think this is a feature best done in either Xorg/Wayland, or even the Linux kernel. That way all applications benefit from the protection, not just stuff running inside virtual machines.
I am in contact with devs on the Wayland/X and kernel lists:

https://lists.freedesktop.org/archives/wayland-devel/2016-March/027607.html
https://lists.x.org/archives/xorg-devel/2016-March/049159.html
https://marc.info/?l=linux-kernel&m=145877344732456&w=2

I will keep track of this and hopefully something is done about it upstream. So far I received feedback from a Wayland developer. Nothing from kernel even though there is consensus that the input subsystem is where it belongs. QEMU/Spice would be a last resort if no other level intervenes?
The discussion on the Wayland mailing list has stalled with developers refusing to implement this on a system level (even if optional). The last hope for this to be implemented for Linux is in the virtualization layer. Please add this feature when you can.

Related: It's sad how proprietary OSs like Windows 10 are actively analyzing keystrokes by default while no one wants to counteract this in Libre systems. (Translation/summary. Article is in German.)

"Windows 10 generates advertising-IDs for everyone. The information Win10 transmits by default are (among other things):
- location of device
- browser history
- favorites
- which apps are installed from the Windows store
- and data for input-personification. This includes biometrical data of pronunciation (Cortana), writing style (handwriting) and how the user types on Windows devices."

http://www.heise.de/newsticker/meldung/Windows-10-Neue-Datenschutzbestimmungen-Windows-wird-zur-Datensammelstelle-2765536.html
A privacy researcher has kindly volunteered to write tools that mitigate these attacks. A working prototype has been released:

https://github.com/vmonaco/kloak

By running it on the host it should provide protection for all VMs as well.