This has made rounds a few times. It's not undocumented. The KVM is built on an eval board that has a (documented) mic: https://wiki.sipeed.com/hardware/en/lichee/RV_Nano/1_intro.html They probably just had a bunch of these dev boards in inventory and decided to use them to build the KVM product.
Maybe you could argue that they should've disclosed this more obviously on the KVM side, but it's not a deliberately surreptitous recording device. There are indeed a bunch of security issues coming to light on the software / firmware side, but it definitely appears to be more ignorance than malice.
The NanoKVM’s network behavior raised further questions, as it routed DNS queries through Chinese servers by default and made routine connections to Sipeed infrastructure to fetch updates and a closed-source binary component. The key verifying that component was stored in plain text on the device, and there was no integrity check for downloaded firmware.
And that a Chinese product uses a Chinese DNS resolver by default is suspicious how exactly?
From a general consumer standpoint, KVMs are intended to intercept keystrokes and redirect them to the selected machine, it's not outside the realm of possibility that it could contain a key logger that steals data leading to identify theft.
From an enterprise standpoint, China is already known to be the single largest perpetrator of IP theft, so apply the same key logger logic above, but add in the ability to intercept data as well.
So then is it not fair to say that if it’s not disclosed on the actual kvm specs for the user at the point of purchase that it’s still “undocumented” for that purpose?
How are they naive when they linked the eval board that was used? It may have been used maliciously and even said the firmware is suspect. The thing they are contesting is it’s an undocumented microphone, it’s not. As an actual IT Professional, who again is not defending the product or China but just pointing out the details matter, I hope you learn to look at the details in what you do professionally.
It isn’t needed. It’s a cheap, mass produced main board, and the core purpose isn’t only to be a kvm.
In IT, especially with components, there are sometimes multiple uses for individual boards. When I was in college we used dev/project boards for all kinds of things. They are inexpensive and usually come with a number of built in parts, like microphones or status LEDs or whatever.
If I used a dev board to make an automatic feeder for our cats, it would have a microphone on the board but I’m not using it for the cat feeder. That doesn’t automatically mean I’m spying on my cats.
They used a general purpose dev board that has a mic on it. Is it needed? No. Was it there? Yes. Maybe the board has an accelerometer also. Is that needed? No.
Do you also buy a smart light bulb with camera, microphone, face recognition, Kali tool pack and WiFi, because its was the available of the shelf hardware? I don't use the ultimate spying capability installed the device, pinky promise :P
It also includes an on-die 1TOPS NPU; a populated, unused MIPI DSI output; and an onboard jumper to switch between booting an ARM cortex A53 and a RISC-V C906 as the CPU core. None of which are useful features in a KVM application like this.
They took an off the shelf product and made a special purpose product around it. Kind of like building an appliance with a raspberry pi compute module.
The other really common thing I've seen with stuff like this is the firmware for it is often something that started out as a tutorial/example project that they just added to as they figured it out.
This is bad journalism or rather sensationalism I'd say. I have quite a few of these even though on an isolated network with no Internet access and only accessible through a wireguard node on my network, mainly because I have a complete zero trust network
The microphone is a well documented feature of the LicheeRV Nano, the board used in NanoKVM.
I've been keeping an eye on its packets transmission and can share my limited experience, the communication with China is two factored, it has AliDNS hardcoded which is the Chinese equivalent of Google DNS and it can be changed to local DNS or any DNS of user's choice, the same can be said for the NTP server. The second one is, it phoning servers in China for updates/verify device ID, it's obviously going to do that as the company is based in China.
They have enabled HTTPS by default now.
The only thing that can be criticised is the hardcoded encryption keys which they're not likely to do anything about as it's going to break compatibility with their images but they have at least mitigated that with the implementation of HTTPS.
They've cleaned up most of the debugging tools which were present in the initial builds and also made the backend code open source but still has the closed source libkvm binary blobs and, this has made the SCPcom's github fork possible and that is open source, it has managed to sanitise the firmware further and the community is quite active.
The SCPcom fork addresses all these issue and is opensource and removes the libmaixcam_lib/libkvm which used to phone servers in China.
Tcpdump and aircrack-ng have been removed from the official firmware and they were most likely part of the SDK, so definitely not included in the fork either.
Because it is incredibly time consuming, tedious, and depending on the device difficult and not consumer friendly.
You can not pretend to be ignorant that majority of devices and systems update over network. From Windows, to Mac, to Linux. The core system updates for Linux, or updates for apps for your phones; delivered to the device over network. Pretty much the only group of devices not like that are enterprise devices, and this is very much not an enterprise device.
Now, if that's how you do it, I support you in your choice to do that. But do not pretend to be ignorant how consumer technology is built and works these days. Over the air updates is the norm, manually updating like you are suggesting is rare and uncommon these days.
I mean, better than having a backdoor into my network from every device that is phoning home.
Remember, the S in IOT stands for Security… so they get firewall rules to keep them off the internet instead.
Linux and windows obviously can be manually updated securely, but I recently installed an enterprise Netgear switch that tries to connect back to netgear to give them a backdoor. It’s getting out of control. The only way to control anything is to make sure nothing you connect has direct internet access unless you need it for something specific.
It has usb and video access to your computer. Use your head and think critically for once; don’t just follow others.
To be concerned over a microphone on a kvm is absolutely ridiculous and brain dead.
If the complaint is that you don’t trust devices from China because of the past actions of the Chinese government; maybe that’s overly cautious or paranoid but there is a line of thought there.
But to go “the Chinese made device gets updates from China so it’s bad!!” Or “the kvm has a microphone so it’s bad!!!” Is just such a stupid take. Think for yourself! Don’t let yourself be manipulated by such obvious fear mongering shit like this.
All that ever needed to be said is that it is a Chinese made device. But that’s not headline attention grabbing and doesn’t invoke the same fear response as drumming up a big nothing burger of “they’re listening in via a microphone” in the context of, again, a KVM; which is capturing video, capturing your keystrokes, and can output keystrokes; stop letting other think for you and think for yourself.
People can't do the most basic of critical thinking and can't think for themselves.
You might as well be pointing at a guy with a small knife (like a Swiss army knife small) and an ar15 telling everyone how he's about to stab someone and the danger is the knife, while being told "fuck the knife, what about the GUN, how are you not concerned about the GUN" while you keep going "yeah, BUT THE KNIFE! The real danger is the stabbing risk!" over a fucking 3 inch knife.
We're not talking about a Chinese made smart bulb, we're talking about a computer. And every Chinese device would get its software updates from China. But also , I never said anything about 1000s of other Chinese devices, or that few reach out to China.
If you've got a Chinese device that updates over the internet, it must likely connects to a Chinese server. Only exception would be if they have such a large customer base that they can take advantage of load balancing, and split the load regionally. Or if it's latency sensitive.
The security concern here does not change no matter where to the initial connection is made. The software package is still made in China by a Chinese company.
There is zero change in risk having the device connect to, say, a US or EU server that is controlled by this Chinese company, where you're pulling in data from that server put on there by a Chinese company that was transferred over the Chinese network to that server. Where a Chinese company can access and download all the connection data from that server. The difference is just how you feel about it, there is zero technical differences in risk.
And if you can't think of why one company wouldn't want to put their stuff on someone else's platform... I don't know what to say other than to ask, why do you homelab? Why don't you just use Google, Microsoft, Amazon, etc?
If all your concerns is just that it's made from China, that's all your concern is and that's all that needs to be said. Changing the update server, the microphone, all of that is just unnecessary fear mongering.
I don't get the "America does it too" argument. I don't want any governments spying on me. The bar should not be set by American standards at this point.
Glad I'm not the only one who find the microphone creepy that it has full recording capability by the software running on the KVM.
And Aircrack and TCPdump installed by default. Perfect hacker tools for a Chinese APT :)
And a modified Tailscale program in some cases, always running by default. You have a lot of trust in the Chinese government. It would be the perfect backdoor. It only missing a 360 camera :)
I think I've seen this "reveal" at least 7 times in the past 24 hours. Getting sick of it <.<
Nothing was hidden. It's clearly stated in the documentation it's there because the board is based on their base board which has a freaking microphone. It's not some conspiracy by chinese manufacturers.
Cool, at least the Chinese spys try and hide it then 🤣 the Americans just force all their companies to put a back door in.
If the Chinese government wanted to listen to the fans in server rooms, this is a stupid way to do it. This device is intended for people to play around with, its not a serious device for actual deployments.
Its target for mostly home users. No loud fans. And its perfect for a botnet and jump to sensitive targets. Like company devices you use at your home office. They tend to have less security :)
More troubling, the encryption key used to protect login passwords in the browser is hardcoded and identical across all devices. According to the researcher, this had to be explained to the developers “multiple times” before they acknowledged the issue.
Malicious ignorance or genuine stupidity?
The NanoKVM’s network behavior raises further questions, as it routes DNS queries through Chinese servers by default and makes routine connections to Sipeed infrastructure to fetch updates and a closed-source binary component. The key verifying that component is stored in plain text on the device, and there is no integrity check for downloaded firmware.
The underlying Linux build is also a heavily pared-down image without common management tools, yet it includes tcpdump and aircrack, utilities normally associated with packet inspection and wireless testing rather than production hardware intended to sit on privileged networks.
All this, paired with the discovery of a tiny surface-mount microphone, should make any user suspicious of the device’s true intentions.
My hope is that the try-hard tech nerds who would use something like this would know to do research on any device that they're plugging into their network. But even plugging it into a segmented network wouldn't protect from the microphone if it still has internet access.
try-hard tech nerds who would use something like this would know to do research on any device that they're plugging into their network.
Quite a lot to unpack there.
Firstly people using KVMs aren't "try-hard tech nerds".
Secondly how would they research this themselves? The guy doing this is a literally an expert.
Thirdly - even if they were "try-hard tech nerds" you expect them to disassemble every piece of tech they own, identify every single chip on it, reverse engineer the circuit and verify that all is well? And then they can start disassembling the software?
And the point is - sure this was a KVM this time. But it could have been a set of Wifi lights from amazon next time. You expect all the lightbulb "try hards" to be doing the same thing?
Because of the implication that we should we all be scrutinising and reversing engineering and decompiling all the software for every device we put on our networks perhaps?
My hope is that the try-hard tech nerds who would use something like this would know to do research on any device that they're plugging into their network.
Madness to to even think that happens in any single instance of a user buying this.
This has made rounds a few times. It's not undocumented. The KVM is built on an eval board that has a (documented) mic: https://wiki.sipeed.com/hardware/en/lichee/RV_Nano/1_intro.html They probably just had a bunch of these dev boards in inventory and decided to use them to build the KVM product.
Maybe you could argue that they should've disclosed this more obviously on the KVM side, but it's not a deliberately surreptitous recording device. There are indeed a bunch of security issues coming to light on the software / firmware side, but it definitely appears to be more ignorance than malice.
But why is it communicating with a server..?
It's a KVM...
Firmware updates, usage analytics, etc.
And that a Chinese product uses a Chinese DNS resolver by default is suspicious how exactly?
From a general consumer standpoint, KVMs are intended to intercept keystrokes and redirect them to the selected machine, it's not outside the realm of possibility that it could contain a key logger that steals data leading to identify theft.
From an enterprise standpoint, China is already known to be the single largest perpetrator of IP theft, so apply the same key logger logic above, but add in the ability to intercept data as well.
Pretty sure this is an IPMI; not just a KVM. / Yes, any device you connect to input data can intercept your traffic and send it elsewhere.
You would generally use the network default one.
sinophobia and fear mongering for clicks
no lie told, mad fear mongering over "Chinese" servers as Palantir sucks up data over the clear net.
What would a microphone be used for, in a KVM that is designed for remote management? As a IT professional, I can not come up with a single thing :)
An IT professional should read the linked article before arguing. It's a general-purpose development board, not built only for KVMs.
Even the comment they’re replying to includes the information that it’s a general-purpose development board lol.
Reading is HARD apparently lol.
No wonder they couldn't come up with a single thing
I'm an it professional:)
even with just reading the comment above should have made it clear to the IT guy why it has a microphone on the board lol
reading is hard can you put it in a picture or a tik tok?
So then is it not fair to say that if it’s not disclosed on the actual kvm specs for the user at the point of purchase that it’s still “undocumented” for that purpose?
Damn you are naive :)
How are they naive when they linked the eval board that was used? It may have been used maliciously and even said the firmware is suspect. The thing they are contesting is it’s an undocumented microphone, it’s not. As an actual IT Professional, who again is not defending the product or China but just pointing out the details matter, I hope you learn to look at the details in what you do professionally.
You can give me a reason why a microphone is needed for a KVM? I can not find any :)
It isn’t needed. It’s a cheap, mass produced main board, and the core purpose isn’t only to be a kvm.
In IT, especially with components, there are sometimes multiple uses for individual boards. When I was in college we used dev/project boards for all kinds of things. They are inexpensive and usually come with a number of built in parts, like microphones or status LEDs or whatever.
If I used a dev board to make an automatic feeder for our cats, it would have a microphone on the board but I’m not using it for the cat feeder. That doesn’t automatically mean I’m spying on my cats.
I truly hope this helps.
You did not give me a reason why the microphone is needed in a KVM. Or why the binary is there to make it record and dump the files. So didn't help :)
Literally their first sentence. "It isn't needed". Why would they need to give you a reason why it's needed if they agree that it isn't needed?
And yet it still there and you can use it for recording. That is a problem.
You absolutely lack comprehension, dude.
They used a general purpose dev board that has a mic on it. Is it needed? No. Was it there? Yes. Maybe the board has an accelerometer also. Is that needed? No.
:)
The guy you're replying to has absolutely zero idea what a microcontroller dev board even is.
Do you also buy a smart light bulb with camera, microphone, face recognition, Kali tool pack and WiFi, because its was the available of the shelf hardware? I don't use the ultimate spying capability installed the device, pinky promise :P
You have made it abundantly clear you're not an "IT Professional". You aren't an IT anything
Working in the IT security field :)
That is an excuse, that can be exploited. Since its Chinese, IMO it will. But good luck to you :)
The firmware is open source. You can read it, change it and compile it yourself. If you're a professional you shouldn't have any issues with this.
Im so confused why he says he is a IT professional but does not understand the fundamentals of how hardware works.
I actually work in IT (help desk teamlead) and I'm starting to see a lot of similar behaviours in my environment
You still use closed source blobs of codes. Not everything is open source.
And just because the blobs is reverse engineered, doesn't equal no backdoor. You can for example only update high valued targets with malicious blobs.
It also includes an on-die 1TOPS NPU; a populated, unused MIPI DSI output; and an onboard jumper to switch between booting an ARM cortex A53 and a RISC-V C906 as the CPU core. None of which are useful features in a KVM application like this.
They took an off the shelf product and made a special purpose product around it. Kind of like building an appliance with a raspberry pi compute module.
The other really common thing I've seen with stuff like this is the firmware for it is often something that started out as a tutorial/example project that they just added to as they figured it out.
Exactly this, and SCPcom's fork addresses all those concerns
A lot of attack vectors present. Its a bad product. I would never use it and don't recommend anyone using it in a secure environments.
Your proved pretty exhaustingly that your recommendations are based on knee jerk reactions instead of proper research.
The microphone on the board is real ;)
Are you maybe an unprofessional professional?
Answer the question ;)
It's been answered at least 4 times, just learn to read lmao. You clearly are not any sort of professional
Reddit professional. Expert at claiming to be an expert while saying dumb stuff.
You have not given me a reason why a KVM need recording capabilities.
You don't give me a reason why you need a brain if you don't use it
This is bad journalism or rather sensationalism I'd say. I have quite a few of these even though on an isolated network with no Internet access and only accessible through a wireguard node on my network, mainly because I have a complete zero trust network
The microphone is a well documented feature of the LicheeRV Nano, the board used in NanoKVM.
I've been keeping an eye on its packets transmission and can share my limited experience, the communication with China is two factored, it has AliDNS hardcoded which is the Chinese equivalent of Google DNS and it can be changed to local DNS or any DNS of user's choice, the same can be said for the NTP server. The second one is, it phoning servers in China for updates/verify device ID, it's obviously going to do that as the company is based in China.
They have enabled HTTPS by default now.
The only thing that can be criticised is the hardcoded encryption keys which they're not likely to do anything about as it's going to break compatibility with their images but they have at least mitigated that with the implementation of HTTPS.
They've cleaned up most of the debugging tools which were present in the initial builds and also made the backend code open source but still has the closed source libkvm binary blobs and, this has made the SCPcom's github fork possible and that is open source, it has managed to sanitise the firmware further and the community is quite active.
The SCPcom fork addresses all these issue and is opensource and removes the libmaixcam_lib/libkvm which used to phone servers in China.
does that fork also remove aircrack, a wifi hacking tool that has no business being included in the software package ? https://github.com/sipeed/NanoKVM/issues/248
Tcpdump and aircrack-ng have been removed from the official firmware and they were most likely part of the SDK, so definitely not included in the fork either.
Yes, I expected more from tomshardware, but it looks like even they are not immune to usa propaganda money
Response to concerns about NanoKVM security
none of that post explains the REQUIREMENT to reach out to Chinese servers or other weird out of box network activity https://www.reddit.com/r/homelab/comments/1iifi6q/deep_dive_in_nanokvm_security_issue/
You mean, to reach out to the Chinese servers run by the Chinese company that made the device for software updates?
Where would you think it would reach out to for updates?
Oh my god you've killed him
Please tell me you’re a bot.
I don’t need two people here showing that they can’t think for themselves.
bro you set your argument up to fail for no reason other than theatrics
Nope, still alive :)
oh good. who are you?
He’s the guy pretending to be the guy you said the other guy killed, gptbtgystogk.
That said he’s not the guy you were originally referring to and I suspect he’s attempting some kind of man in the middle chat.
I can hear you loud and clear over the microphone ....
Nowhere. It should reach nowhere for anything. I can log in and upload any updates I want on it, thank you.
So you do that for all your devices? Your phones? Your computers? Every device you have?
I'm impressed if so.
I mean… yes, of course. Why would that be impressive?
Because it is incredibly time consuming, tedious, and depending on the device difficult and not consumer friendly.
You can not pretend to be ignorant that majority of devices and systems update over network. From Windows, to Mac, to Linux. The core system updates for Linux, or updates for apps for your phones; delivered to the device over network. Pretty much the only group of devices not like that are enterprise devices, and this is very much not an enterprise device.
Now, if that's how you do it, I support you in your choice to do that. But do not pretend to be ignorant how consumer technology is built and works these days. Over the air updates is the norm, manually updating like you are suggesting is rare and uncommon these days.
Lol I love it when people double down instead of just admitting that they said something dumb.
I mean, better than having a backdoor into my network from every device that is phoning home.
Remember, the S in IOT stands for Security… so they get firewall rules to keep them off the internet instead.
Linux and windows obviously can be manually updated securely, but I recently installed an enterprise Netgear switch that tries to connect back to netgear to give them a backdoor. It’s getting out of control. The only way to control anything is to make sure nothing you connect has direct internet access unless you need it for something specific.
Because this is very odd behavior.
Do you know how many connected devices that require updates in your home? If you are manually doing that, then it's the equivalent of a full time job.
Normal people dont have that much time nor dedication on their hands so they opt for automatic updates.
So either you are a liar or you have too much time on your hands.
Or I don’t use a bunch of garbage devices 🤷
Is this really the hill you want to die on?
Mr. I Am Superior Because I Update Everything Manually
Really? You want to [pretend to] be that guy?
Updates is a backdoor. Don't like the Chinese government control that :)
So you just don’t update anything? Script kiddies must love you.
I don't use cheap Chinese spyware with builtin microphone :)
It’s a KVM!!!
It has usb and video access to your computer. Use your head and think critically for once; don’t just follow others.
To be concerned over a microphone on a kvm is absolutely ridiculous and brain dead.
If the complaint is that you don’t trust devices from China because of the past actions of the Chinese government; maybe that’s overly cautious or paranoid but there is a line of thought there.
But to go “the Chinese made device gets updates from China so it’s bad!!” Or “the kvm has a microphone so it’s bad!!!” Is just such a stupid take. Think for yourself! Don’t let yourself be manipulated by such obvious fear mongering shit like this.
All that ever needed to be said is that it is a Chinese made device. But that’s not headline attention grabbing and doesn’t invoke the same fear response as drumming up a big nothing burger of “they’re listening in via a microphone” in the context of, again, a KVM; which is capturing video, capturing your keystrokes, and can output keystrokes; stop letting other think for you and think for yourself.
And a recording device. Its a fact and nothing paranoid. And when you can not even acknowledge that, you are lost :)
amixer -Dhw:0 cset name='ADC Capture Volume 20'(this sets microphone sensitivity to high)arecord -Dhw:0,0 -d 3 -r 48000 -f S16_LE -t wav test.wav & > /dev/null &(this will capture the sound to a file namedtest.wav)This is why we're cooked as a species.
People can't do the most basic of critical thinking and can't think for themselves.
You might as well be pointing at a guy with a small knife (like a Swiss army knife small) and an ar15 telling everyone how he's about to stab someone and the danger is the knife, while being told "fuck the knife, what about the GUN, how are you not concerned about the GUN" while you keep going "yeah, BUT THE KNIFE! The real danger is the stabbing risk!" over a fucking 3 inch knife.
I'm all fairness my cousins doing life for giving a guy just an inch so 3 inches would be triple the job /s
why not host the data for the updates in a cloud server in the US, or in a country with GDPR protections? or poll github directly for releases ?
cloud storage is not prohibitively expensive
there is 0 reason to force a device in the us to connect to china even if a Chinese company makes it.
like you said 1000's of devices are made in china, but few reach out to china by default
We're not talking about a Chinese made smart bulb, we're talking about a computer. And every Chinese device would get its software updates from China. But also , I never said anything about 1000s of other Chinese devices, or that few reach out to China.
If you've got a Chinese device that updates over the internet, it must likely connects to a Chinese server. Only exception would be if they have such a large customer base that they can take advantage of load balancing, and split the load regionally. Or if it's latency sensitive.
The security concern here does not change no matter where to the initial connection is made. The software package is still made in China by a Chinese company.
There is zero change in risk having the device connect to, say, a US or EU server that is controlled by this Chinese company, where you're pulling in data from that server put on there by a Chinese company that was transferred over the Chinese network to that server. Where a Chinese company can access and download all the connection data from that server. The difference is just how you feel about it, there is zero technical differences in risk.
And if you can't think of why one company wouldn't want to put their stuff on someone else's platform... I don't know what to say other than to ask, why do you homelab? Why don't you just use Google, Microsoft, Amazon, etc?
If all your concerns is just that it's made from China, that's all your concern is and that's all that needs to be said. Changing the update server, the microphone, all of that is just unnecessary fear mongering.
Yeah, I'll stick to my good ol American spyware thank you very much
I don't get the "America does it too" argument. I don't want any governments spying on me. The bar should not be set by American standards at this point.
Don't use Windows or Mac :P
No body tell him how much Linux systems rely on US based code and work.
Cause I doubt he can evaluate the source himself and bootstrap his own compiler to then compile his own distro.
edge updates can be hosted in a GDPR or non CCP- controlled country, or routed through edge servers in those countries.
one potential reason to Geo lock the update server, would be to allow CCP interference in traffic.
the same has happened in the us to allow us intelligence to capture data , per WikiLeaks.
Glad I'm not the only one who find the microphone creepy that it has full recording capability by the software running on the KVM.
And Aircrack and TCPdump installed by default. Perfect hacker tools for a Chinese APT :)
And a modified Tailscale program in some cases, always running by default. You have a lot of trust in the Chinese government. It would be the perfect backdoor. It only missing a 360 camera :)
This article is so dumb.
I think I've seen this "reveal" at least 7 times in the past 24 hours. Getting sick of it <.<
Nothing was hidden. It's clearly stated in the documentation it's there because the board is based on their base board which has a freaking microphone. It's not some conspiracy by chinese manufacturers.
Clickbaity misleading nonsense, that's all documented. There's nothing to hide
Well kinda glad the POS I bought from them was broken out of the box, lol.
Look at all the Chinese bots…..
Post last week.
Oh trust me there will be people cry when they can’t flash their moded firmware
Whoa, that's some nextalevel creepy tech—backdoor city!
Surprised?
Not really. Its a product of the Chinese government :)
Cool, at least the Chinese spys try and hide it then 🤣 the Americans just force all their companies to put a back door in.
If the Chinese government wanted to listen to the fans in server rooms, this is a stupid way to do it. This device is intended for people to play around with, its not a serious device for actual deployments.
Its target for mostly home users. No loud fans. And its perfect for a botnet and jump to sensitive targets. Like company devices you use at your home office. They tend to have less security :)
Nice Chinese BOTS lol
Malicious ignorance or genuine stupidity?
My hope is that the try-hard tech nerds who would use something like this would know to do research on any device that they're plugging into their network. But even plugging it into a segmented network wouldn't protect from the microphone if it still has internet access.
Whole thing is fucked.
Quite a lot to unpack there.
Firstly people using KVMs aren't "try-hard tech nerds".
Secondly how would they research this themselves? The guy doing this is a literally an expert.
Thirdly - even if they were "try-hard tech nerds" you expect them to disassemble every piece of tech they own, identify every single chip on it, reverse engineer the circuit and verify that all is well? And then they can start disassembling the software?
And the point is - sure this was a KVM this time. But it could have been a set of Wifi lights from amazon next time. You expect all the lightbulb "try hards" to be doing the same thing?
Now we are in agreement.
lol wtf does this even mean? Should they not try hard?
Why is this being downvoted? Genuinely confused?
Because of the implication that we should we all be scrutinising and reversing engineering and decompiling all the software for every device we put on our networks perhaps?
Madness to to even think that happens in any single instance of a user buying this.
Because of Chinese bots :)
Classic bot vs. human debate—AI's got jokes too!
Im so startled!