Researcher finds Chinese KVM has undocumented microphone, communicates with China-based servers — Sipeed's NanoKVM switch has other severe security flaws and allows audio recording, claims researcher
TL;DR
AI-generated summary: A security researcher discovered severe security flaws in Sipeed's NanoKVM switch, including an undocumented microphone that can be activated over SSH; the device also communicates with China-based servers. The device's software stack has weak points from boot, with hardcoded encryption keys and a web interface that lacks basic protections. The NanoKVM routes DNS queries through Chinese servers by default, lacks integrity checks for downloaded firmware, and includes utilities like tcpdump and aircrack. Community members are working on porting alternative Linux distributions to the device, allowing users to reflash it with improved security measures and potentially remove the microphone component.