9

As stated succinctly in the Tails "Known Issues" page:

Tails doesn't erase the video memory yet. When one uses Tails, then restarts the computer into another operating system, that other operating system can see what has been displayed on the screen within Tails.

Shutting down the computer completely, instead of restarting it, might allow the video memory to empty itself.

How big of an issue is this vulnerability? Does it pose a realistic security problem for users?

It also states that it completely shutting down might allow the VRAM to empty itself. Is there a way to ensure that it will definitely empty the video memory? Is this based off of the host system, or some other aspect of Tails?

If Tails is running in a virtual machine, and I exit the virtual machine (a simulated shutdown, in a sense), how does this affect the VRAM vulnerability?

Community
  • 1
esote
  • 371
  • 2
  • 12

1 Answers1

2

I'm not an expert, but I believe they say it might allow the VRAM to empty because typically volatile memory is erased when power is lost. To be sure the VRAM is clear, you'd want to turn off the PSU and press the power button to ensure no residual power is present in the system.

You ask, "How big of an issue is this vulnerability?" That depends entirely on who is using Tails, what they are using it for, and what other security controls they have in place. That said, this would be exploitable given physical access or arbitrary code execution, so it definitely is a vulnerability.

If you are running Tails in a VM, it will depend on the virtualization kernel whether the VRAM gets erased. Note that one exception would be if you pass through the GPU to the VM (ESXi does this quite well), in which case the VRAM will not be erased because the physical device is never powered off.

CrunchBangDev
  • 178
  • 7