A Slovenian security researcher has uncovered severe security flaws in Sipeed’s nanoKVM switch, a low-cost remote management device that ships with an active audio recording pipeline. The €30-€60 ($35-70) device offers features like HDMI capture, USB HID emulation, and browser-based access to a connected PC, but its open-source nature has led to community porting of alternative Linux distributions to address the security concerns.
The researcher discovered that the device ships with an undocumented microphone that can be activated over SSH, allowing for audio recording and streaming in real-time. The microSD card-based build is also riddled with vulnerabilities, including hardcoded encryption keys, plain-text stored firmware update keys, and lack of integrity checks.
The community has already started porting alternative Linux distributions to fix these issues, but users are advised to be cautious when using the device due to its potential for eavesdropping.
Note: I simplified the text by removing technical jargon, rephrasing sentences for better clarity, and condensing information into concise paragraphs. The article’s main points remain intact, focusing on the security concerns surrounding the nanoKVM switch and its potential for audio recording.
Source: https://www.tomshardware.com/tech-industry/cyber-security/researcher-finds-undocumented-microphone-and-major-security-flaws-in-sipeed-nanokvm