All this, paired with the discovery of a tiny surface-mount microphone, should make any user suspicious of the device’s true intentions. The researcher said the microphone is not documented in product materials, yet the operating system includes ALSA tools such as amixer and arecord that can activate it immediately. With default SSH credentials still present on many deployed units, the researcher demonstrated that audio could be recorded and exfiltrated with minimal effort, and streaming that audio in real time would require only modest additional scripting.
Follow Tom's Hardware on Google News , or add us as a preferred source , to get our latest news, analysis, & reviews in your feeds.
Luke James Social Links Navigation Contributor Luke James is a freelance writer and journalist. Although his background is in legal, he has a personal interest in all things tech, especially hardware and microelectronics, and anything regulatory.
SonoraTechnical Of course they did… Crickets in here without any direct link to the Article Comment Section…. but I guess that's the idea… Reply
ezst036 I stay away from Chinese tech at all costs for this very reason. You just never know, and the Chinese government is not content enough with spying on its own citizens. It needs to spy on everyone else too. Reply
bit_user From the story, what I see is a device that's ripe for exploitation, but doesn't obviously have backdoors planted for such a purpose. It looks much more like amateur hour than a serious attempt to backdoor IT infrastructure. As for the microphone, that has some totally non-nefarious applications, in a KVM. For instance, being able to remotely switch it on to listen for beeps or other unusual noises. In fact, you could even use an anomaly detection model that learns what the environment is supposed to sound like and raises an alarm when it hears anything different. I'm not trying to excuse the device's flaws, but I do think the story is being over-hyped. Reply
bit_user ezst036 said: I stay away from Chinese tech at all costs for this very reason. You just never know, and the Chinese government is not content enough with spying on its own citizens. It needs to spy on everyone else too. This really doesn't seem like a planted back door by anyone competent (and you best believe the Chinese government has some competent cybersecurity folks). The reason being that, when you backdoor stuff, you want to try and hide it so that: It's not discovered and disabled or mitigated by potential victims. It's not used by your enemies or criminals to attack your own infrastructure. So, I'd ask that people use some common sense, when viewing stories of this kind. I'm not saying there are no back doors, but the ones we should worry about are like that attempted xz exploit that nearly succeeded. In fact, we should worry how many similar exploits like that might've gone in that haven't been discovered! Reply
Insidei Specs Audio interface: Audio Output: Onboard PA amplifier, can directly connect speakers under 1W Audio Input: Onboard analog silicon microphone, capable of direct sound reception Lol Reply
SirStephenH That's not going to be a high quality mic and it looks pretty well buried inside, surrounded by multiple circuit boards and a plastic case. I'd be interested to know what, if anything, it could hear and at what distance. I wouldn't be surprised to find out that it's just an off-the-shelf part that comes that way. It's still concerning, but not as concerning as all of the security holes. Reply
SkyBill40 To be honest, I'm rather surprised the comments are turned on for this story. Reply
taymorf So no Samsung, no Motorola, no USA technology Reply
Key considerations
- Investor positioning can change fast
- Volatility remains possible near catalysts
- Macro rates and liquidity can dominate flows
Reference reading
- https://www.tomshardware.com/tech-industry/cyber-security/SPONSORED_LINK_URL
- https://www.tomshardware.com/tech-industry/cyber-security/researcher-finds-undocumented-microphone-and-major-security-flaws-in-sipeed-nanokvm#main
- https://www.tomshardware.com
- Bambu Lab's end-of-year sale is live with up to 35% off — score huge discounts on 3D printers and accessories while you can
- NVIDIA Partners With Mistral AI to Accelerate New Family of Open Models
- 3D Printing Holiday Gift Guide: What to Buy for Makers in 2025
- The Ultimate Black Friday Deal Is Here
- How NVIDIA H100 GPUs on CoreWeave’s AI Cloud Platform Delivered a Record-Breaking Graph500 Run
Informational only. No financial advice. Do your own research.