They didn’t hide that. They clearly said nanokvm has particular board in it and the board always had mic. And that was discussed over their GitHub issues about a year ago. Yeah, they were a bit sloppy but they also positioned this device as an example of what you can do with devboard. And as far as I remember after initial success, nanokvm pcie was redesigned and no mic onboard.
3 days ago | 11
They repurposed an existing Sipeed dev board for the nanokvm. This was documented. KVM devices have been insecure and implemented pretty badly even in enterprise products. I think there's worse things than a dev board with a microphone. Like the mass surveillance that just got passed in the EU. But let's all focus on the China instead shall we ;]
3 days ago | 5
I would to know how someone can hide a microphone 'by mistake'.
4 days ago | 3
Today I learned that there are worse spy devices out there than your phone.
3 days ago | 1
Lol.. seriously, the US government has backdoors built in to leading networking equipment, advisories to use weakened security primitive and secret courts to gain access to your online data, but yes we should totally be worried about leaking our data to a small Chinese company that has no influence whatsoever what goes on in the everyday life.
3 days ago | 5
NASCompares
Some bubbling news over the last few days (that I missed, thanks for those that shared last night) on the original NanoKVM. The TL;DR is that this sounds likely to be just a lazy/overlooked early production error, but if you have one, wall it off anyway (as you should have already).
I reviewed the Pro model a few weeks ago (https://www.youtube.com/watch?v=iCChf...), but it appears the original first wave released model features/featured** a small on-board microphone that can be activated over SSH with script, but would still need prompting to record and 'send home' successfully needing ports/path open. This seems like it was a case of the brand reusing an existing board and it having the mic onboard (the LicheeRV Nano – which DID mention the microphone in it’s hardware specifications, but it is not detailed on the NanoKVM spec sheets at the time of discovery).
I am currently going over the NanoKVM Pro device in this video for any further issues of hardware irregularities or issues discovered since this video was published (the device has been in action for 3 weeks more now), but even early checking has shown up negative/nothing. Bottom line, that device was not released finished, and early reviews of that device absolutely SLAMMED it for security issues (again, see Aparld’s vid from back in Feb that frankly teared the device a new one! https://www.youtube.com/watch?v=plJGZ...) which largely related to poor practices - plain text passwords, chinese DNS, etc, so no one should be deploying it on mission-critical clients anyway.
Nevertheless, this sounds like (at best) a stupid mistake by the brand, and (at worst) poorly developed and badly baked hardware that was rushed out the door. Given the deployment scenario of this device AND the fact it has KVM access, there are probably a dozen better ways it could have hijacked a client (in it's launch state) if that was the brand's intention - it sounds more like Johnny English levels of spying, as opposed to James Bond! I have reached out to the brand for more on this and will add here as/when it arrives. In the meantime, check out Jeff’s Level 2 channel for his video on this (here https://www.youtube.com/watch?v=RSUqy... ), which does a solid job of nailing the salient points! You can find the original investigation of the device (here telefoncek.si/2025/02/2025-02-10-hidden-microphone…) .
**still 100% TBC if this was just the first models or all of the original NanoKVM that were shipped
4 days ago | [YT] | 105