** Bug watch added: GNOME Bug Tracker #554438 http://bugzilla.gnome.org/show_bug.cgi?id=554438
** Also affects: gnome-screensaver via http://bugzilla.gnome.org/show_bug.cgi?id=554438 Importance: Unknown Status: Unknown ** Description changed: Binary package hint: gnome-screensaver This is an enhancement request related to a low-risk security vulnerability. Nothing serious but still would be nice to have this implemented. Currently you can password-protect your screen and input devices like keyboard and mouse using the Gnome Screensaver. This is useful when you need to leave the computer unattended for a while in a moderately insecure environment. But the audio input/output is not locked by the screensaver and that opens up a vulnerability. Here is a use case. You talk with Bob using Ekiga Softphone (an Internet telephony client). Then you lock your computer's screen and go out for a short while. If someone approaches your computer while you're out, they can use your headphones and microphone and may be able to impersonate you to Bob or hear some confidential talk that Bob intended only for you to hear. Gnome Screensaver should have an option to control whether audio input and output are enabled while your screen is locked. If you are aware of the risk, an easy (albeit often inconvenient) work- around exists: disconnect your Ekiga call before leaving — and generally make sure that running programs neither use the audio input from the microphone nor emit any confidential sounds. If the user doesn't have a security mindset, however, there is a chance that she won't think of this risk at all and will remain exposed. Although technically it is true that if the attacker can physically access your machine you're lost from the security point of view, actually there are many environments (like your home or maybe your workplace) where a screensaver lock is enough to stop casual eavesdroppers because they are not technically competent or because they wouldn't risk to mount a more serious attack which might involve opening up the case, connecting suspicious devices to it, etc. After all, nobody says that the screensaver password locking feature is _useless_. If it is useful to some extent, so will be the feature suggested here. - - Feel free to copy this suggestion to the upstream bug tracker. I just - wanted to collect some feedback here first. -- Gnome Screensaver should optionally disable audio input and output https://bugs.launchpad.net/bugs/275560 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
