Sys-audio and bluetooth - how safe?

Hi, I’m trying to make a final judgement on the functionality and the safety considerations of putting a bluetooth daemon inside of sys-audio in order to stream sound to an external bluetooth sink.

  1. Is this a functional approach to getting your sound streamed? Are there any issues that come up that make it impractical or not-what-you-want?

  2. What are the safety considerations of this? Assuming bluetooth is compromised how much of a risk are you taking? Does sys-audio only get data from other qubes or does it also offer an attack vector into them? Is the only fear that you might have someone listening over bluetooth to your audio?

  3. What are the alternative ways to stream audio to an external bluetooth device? I imagine that you could 1) install a bluetooth daemon inside of a specific qube and stream from that and 2) install a bluetooth daemon inside of some sys-qube, would that be different somehow than using sys-audio? What are the considerations?

Thanks.

Interessting question.

Sadly i am not too deep into the sound stuff to give any educated guess for the first two questions, but will read the answer here as i am interested in that too.

I wanted to state that the safest way to transmit audio over bluetooth is probably to use a dedicated hardware bluetooth transmitter attached to your audio out.

Here is some hint from the developers:

Even Bluetooth audio devices (like headphones) could finally be used securely, without exposing the whole system to attack.

Yes, as far as I see it.

Not that I’m aware of

Usual regarding bluetooth.

It depends on your neighbors, I’d say.

As far as I see it not bigger than any audio in dom0 to any other qube.

It depends on your neighbors, I guess.

Sys-audio?
The whole point of sys-audio is to remove as much as possible hardware from dom0 thus further reducing attack surface.

If you decide to use bluetooth, it’s irrelevant to what app qube you would attach it, but at least make it offline. You saved dom0 anyway.

Maybe something of this would give you an idea

The usual safety considerations in regards to bluetooth is that if someone is able to compromise bluetooth then they’ll be able to own your system. I’m under the impression that even if someone was to compromise bluetooth if you use it inside of sys-audio there is no channel that lets sys-audio change other qubes and as such you’re safe except for perhaps having your sound listened to if you assume Qubes does not have an unintentional leak.
To me that sounds like these safety considerations are a lot safer than the usual bluetooth ones. Am I misunderstanding something?

2 Likes