top | item 46173784

(no title)

To be fair, the microphone _is_ listed on the specsheet of the LicheeRV Nano

https://wiki.sipeed.com/hardware/en/lichee/RV_Nano/1_intro.h...

I assume they didn't intend to put a mic on the KVM product, but they wanted to make a KVM product, already had this SBC product, which reusing their existing stock of helped keep cost low.

Should they have been more up front about it it? Sure, and it's not great that they had a bunch of security issues in the FW anyway, so not exactly great, but "hidden microphone in a Chinese KVM" lets the mind wander

discuss

LorenPechtel|2 months ago

Given it's history I suspect there is nothing malicious going on here, just a Chinesium approach to building something. Security isn't documented so it's made of tissue paper.

unknown|2 months ago

[deleted]

ndsipa_pomu|2 months ago

It doesn't strike me as that useful to have a hidden microphone in a KVM product as most of the time, they're going to be stuck in server rooms with just lots of fan noise to record.

Far more of an issue would be any kind of keylogger built into the software, which is why it's best to go for devices that support open source software.

Y_Y|2 months ago

just fan noise?

https://arxiv.org/abs/1606.05915

Any signal that you can modulate can be an exfiltration channel, and fan noise is no different.

PunchyHamster|2 months ago

The KVM just uses a devboard that's also sold separately and just happens to have a microphone, given how cheap the mics are having one extra SKU would probably just cost them more than savings.

Also I wouldn't really consider it "server room" product. Pretty much any new server has KVM, this is more "a hobbyist needing KVM for their home server"

i_am_proteus|2 months ago

It is possible to keylog via audio.

https://ieeexplore.ieee.org/abstract/document/10190721

hinkley|2 months ago

Ultrawideband never caught on because it turns out that the speed of light and sound in air is frequency dependent, so you have to know the distance to the target pretty accurately and then skew the signal to send or receive. (Imagine a phased array antenna but also with a frequency domain to work out as well).

But that doesn’t mean you can’t make it function in a loud server room. The whole point of it is working in and around noise.

Rygian|2 months ago

"hidden microphone in a Chinese KVM" is the correct way to describe what is going on.

"Reusing existing stock" is not a valid excuse. They are currently selling this device without advertising that it contains a working microphone.

mintplant|2 months ago

A working microphone and recording software and hacking tools like aircrack-ng on an otherwise stripped-down OS image...

NedF|2 months ago

[deleted]

parineum|2 months ago

The Chinese part makes one think the Chinese could access the microphone.

Nevermind that, if they could access the device, they'd also be able to read your kvm i/o.

motbus3|2 months ago

You might be right but I think we cannot assume malice when it could be laziness. It might be that the exact same board has multiple target audiences and they just rebrand it for different purposes with different pricing.

That said, the microphone is so weirdly positioned that it gets suspicious indeed.

hinkley|2 months ago

Microphones and LEDs have been used famously for side channel attacks and also to circumvent air gaps. From a Least Power point of view this is troubling.

TheRealPomax|2 months ago

And rather than "the Chinese", how about "anyone robo-dialling some SSH connections"?

MomsAVoxell|2 months ago

I'm completely fine with there being a microphone in the thing. It's literally a remote eyes/hands interface, so it being an eyes/ears/hands interface is perfectly acceptable.