zlacker

How I discovered a hidden microphone on a Chinese NanoKVM

submitted by ementa+(OP) on 2025-12-06 13:54:59 | 380 points 99 comments
[view article] [source] [go to bottom]

NOTE: showing posts with links only show all posts
1. kotaKa+S4[view] [source] 2025-12-06 14:39:48
>>ementa+(OP)
https://wiki.sipeed.com/hardware/en/kvm/NanoKVM/introduction...

Probably an older NanoKVM.

"NanoKVM-Cube hardware is built on the LicheeRV Nano platform. To coordinate production and maintain consistency with the LicheeRV Nano for the SMT project, the hardware retains the display, touch, MIC, and amplifier circuits. To address potential privacy concerns, versions 2.2.6 of the application and 1.4.1 of the firmware and above will remove the relevant drivers. We will also eliminate these components in future productions."

2. tayior+t6[view] [source] 2025-12-06 14:54:59
>>ementa+(OP)
To be fair, the microphone _is_ listed on the specsheet of the LicheeRV Nano

https://wiki.sipeed.com/hardware/en/lichee/RV_Nano/1_intro.h...

I assume they didn't intend to put a mic on the KVM product, but they wanted to make a KVM product, already had this SBC product, which reusing their existing stock of helped keep cost low.

Should they have been more up front about it it? Sure, and it's not great that they had a bunch of security issues in the FW anyway, so not exactly great, but "hidden microphone in a Chinese KVM" lets the mind wander

◧◩◪
12. i_am_p+Fd[view] [source] [discussion] 2025-12-06 15:50:15
>>ndsipa+4d
It is possible to keylog via audio.

https://ieeexplore.ieee.org/abstract/document/10190721

◧◩◪
19. Y_Y+mf[view] [source] [discussion] 2025-12-06 16:04:09
>>ndsipa+4d
just fan noise?

https://arxiv.org/abs/1606.05915

Any signal that you can modulate can be an exfiltration channel, and fan noise is no different.

◧◩◪
23. stragi+hg[view] [source] [discussion] 2025-12-06 16:10:31
>>Aachen+X9
Many a soundcard supports changing jack "direction". Here's a StackExchange answer from 2012, on how to do it with the GUI tool `hdajackretask` : https://askubuntu.com/a/911961
◧◩◪
78. jlward+RI[view] [source] [discussion] 2025-12-06 19:59:32
>>Coasta+Fh
It is this one: https://www.amazon.com/dp/B0CP4PD3SM

I did post a review there citing my security concerns.

Honestly I didn't go further with the investigation because if someone really has all my data, I'm worried about retribution.

◧◩◪◨⬒
94. simonc+N31[view] [source] [discussion] 2025-12-06 23:11:57
>>stragi+a11
This picture from the list of product pictures [0] indicates that the thing acts as an Ethernet bridge. It probably exposes itself as a USB-C gigabit Ethernet device to the machine it's plugged into.

Page four of TFM [1] supports this theory.

Also, this functionality is called out in the product listing and in the manual. I'm over here laughing my ass off because OP got so frightened by this clearly-documented feature that they immediately threw the thing in the trash, rather than first investigating to see if the source of the network traffic was the machines plugged into the device.

[0] <https://m.media-amazon.com/images/I/71GglDmzCYL._SL1500_.jpg> (If this direct link fails, it's the image that has the header "A Stable Gigabit Ethernet Port".

[1] <https://avaccess.com/wp-content/uploads/2024/01/UM-_-iDock-C...> (This is the "DOWNLOAD USER MANUAL" link in the Downloads subsection of the More Information section of [2])

[2] <https://www.avaccess.com/products/idock-c20-kvm-switch-docki...>

◧◩◪◨
95. simonc+741[view] [source] [discussion] 2025-12-06 23:14:18
>>jlward+dJ
> The KVM didn't have any documentation on anything related to its network interface.

My research disagrees. See [0]

[0] <>>46177462 >

[go to top]