
Hardware information leaking


#1

Is there access to ANY KIND of accurate hardware information in Whonix with KVM? If yes, what kind of information?

Resources I’ve consulted:

  1. https://www.whonix.org/wiki/Protocol-Leak-Protection_and_Fingerprinting-Protection#Less_important_identifiers
  2. https://www.whonix.org/wiki/Comparison_with_Others#Hardware_Serials
  3. https://www.whonix.org/wiki/Dev/Technical_Introduction#Sensitive_Information

It’s not noted how exhaustive the first list is, so I’m not sure how complete the protection is. I imagine this is really a question of the virtualization software used, but the primary purpose of virtualization is not hiding hardware information. Expecting to achieve this just by running a (K)VM seems somewhat optimistic to me, but I may be wrong. Does Whonix take any extra measures to hide hardware information other than relying on the hypervisor? What would be the best way to ensure complete hardware anonymisation, if not with KVM+Whonix?


#2

This has been tested and KVM is the hypervisor that masks the most info about the CPU. Since all other devices are virtual this isn’t even a thing.


Virtual Machine Manager: display type and CPU
#3

It’s good to know only the CPU is susceptible to fingerprinting in VMs. Is this the case for all (most?) virtualization software? Related

What tests are you talking about, did they include Xen? What CPU information can be leaked? It is a thing if some software intends to gather this info, no? Could you give me any pointers for finding more resources about this - collecting accurate hardware information in virtual machines?


#4

It’s a necessary trade-off so you can have the performance that will allow you to do real world tasks. If you run a purely emulated environment it will be unbearably slow. AFAIK even if you don’t mask CPU details the worst they can do is narrow down the CPU to a model class. There is no single unique CPU identifier like a serial number exposed to a guest. Masking this info is possible with KVM only - according to our testing. I am not sure if a determined adversary can just benchmark a CPU and run results against a database of all other results.

In a forum topic somewhere here, we already tested all supported hypervisors. AFAIK Xen (Qubes) now runs as HVM QEMU. Keep in mind the second you passthru real hardware (even with IOMMU) you can end up exposing hardware info to a guest and the hardware firmware can be flashed by a malicious actor resulting in a VM break.

Skype was caught uploading info about a computer’s BIOS so yeah you can say it is.

The first link referenced in your post explains how to test for hardware info:


#5

Wouldn’t something like Tails be more susceptible to hardware leaking than VMs? Advantage Whonix!

As in the end the CPU controls all hardware and software, wouldn’t it be possible that by malicious instruction, let’s say from a compromised guest, host or hardware (Intel ME), it could query what real hardware is part of the computer and make this information available in the guest? Just as a possibility.

Sources?

What is a CPU model class, how broad is this term? Some CPUs of a certain generation of a certain manufacturer? How many CPUs would be in one class?

Is your source for this the first link in the top post?

Couldn’t find it, how old, keywords, category? Are the results only in the topic? This is important enough to go into documentation.

With references I had in mind published research or testing results. Are there any more such resources, made available by anyone, anywhere?


#6

With malicious hardware you have more things to worry about than CPU fingerprinting. For sources - they are things I saw a long time ago and you have to do some leg work to find/share them, sorry. The hardware testing topic was linked either here or in your other topic about it.


#7

Alright, when I dig into it I’ll share anything good.

If there are more resources known to someone reading this topic about hardware information leaking/hiding please share if you can. Hardware fingerprinting can easily be attempted by software and users (not just of Whonix) would benefit from knowing more.
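
Added example, not part of any post in this thread: one way to check which identifying CPU fields reach a guest unchanged, assuming you can copy the contents of `/proc/cpuinfo` from both the host and the guest. The function names and the sample excerpts (including the CPU model strings) are constructed for illustration.

```python
# Fields of /proc/cpuinfo that narrow down the CPU model.
IDENTIFYING = ("vendor_id", "cpu family", "model", "model name", "stepping", "microcode")

def parse_cpuinfo(text):
    """Return the fields of the first processor block as a dict."""
    fields = {}
    for line in text.strip().splitlines():
        if not line.strip():
            break  # a blank line ends the first processor block
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def audit_guest(host_text, guest_text):
    """Report host CPU details that are visible unchanged inside the guest."""
    host, guest = parse_cpuinfo(host_text), parse_cpuinfo(guest_text)
    leaked = [k for k in IDENTIFYING if k in host and guest.get(k) == host[k]]
    host_flags = set(host.get("flags", "").split())
    guest_flags = set(guest.get("flags", "").split())
    return {
        "leaked_fields": leaked,
        # Set by the hypervisor; tells software it runs in a VM.
        "hypervisor_flag": "hypervisor" in guest_flags,
        # Feature flags shared with the host still hint at the CPU generation.
        "shared_flags": sorted(host_flags & guest_flags),
    }

# Constructed sample excerpts (not captured output).
HOST = """processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 158
model name : Example CPU 9000 @ 3.00GHz
stepping : 10
flags : fpu sse2 avx avx2 aes
"""
# Guest configured to copy the host CPU model.
GUEST_PASSTHROUGH = HOST.replace("avx2 aes", "avx2 aes hypervisor")
# Guest configured with a generic CPU model and a reduced feature set.
GUEST_MASKED = """processor : 0
vendor_id : GenuineIntel
cpu family : 15
model : 6
model name : Generic Virtual CPU
stepping : 3
flags : fpu sse2 hypervisor
"""
```

Calling `audit_guest(HOST, GUEST_MASKED)` on these samples shows that only the vendor string and two feature flags match the host, while the passthrough sample matches on every identifying field.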