Nano KVM: A Deep Dive into Security and Design Flaws
This blog post was automatically generated (and translated). It is based on the following original, which I selected for publication on this blog:
NanoKVM: The S stands for Security – YouTube.
Remote management of computers has become increasingly important in modern IT environments. KVM-over-IP devices (keyboard, video, mouse) let you access and control a machine remotely, independent of the host's operating system. The NanoKVM devices by Sipeed, however, are a mixed bag: innovative hardware paired with worrying software and security choices.
Hardware Overview
The NanoKVM comes in three models: Lite, Regular (sold as the NanoKVM Full), and PCIe.
- Lite: A compact unit with wired Ethernet, HDMI and USB-C, built around the Sipeed LicheeRV Nano, a RISC-V single-board computer.
- Regular: The same baseboard as the Lite, housed in an enclosure with extra buttons and a power-control board that drives the host's power and reset switches.
- PCIe: Shaped to sit in a PCIe slot, but wired through USB, HDMI and Ethernet; the slot serves mainly as a mounting bracket. This model adds Wi-Fi and PoE (Power over Ethernet).
While the hardware exhibits a degree of innovation, particularly in its compact design and use of RISC-V architecture, significant concerns arise when examining the software and security aspects.
Security Vulnerabilities and Design Flaws
Several serious security issues affect the NanoKVM. They range from basic oversights to design choices that can compromise the managed host and the network it sits on.
- Default Credentials: Older firmware versions shipped with admin/admin or root/root as the login, a major risk on a device that has keyboard, mouse and power control over the host.
- Insecure Password Storage: Passwords are AES-encrypted under a hardcoded key (nanokvm-sipeed-2024) with no key derivation function and no salt. The key is identical on every unit and readable from the published source, so anyone who captures the HTTP login request can decrypt the password offline. Static-key encryption is obfuscation, not protection; a password should be stored as a salted, slow hash that even the server cannot reverse.
- Unencrypted HTTP Traffic: The web UI sends login credentials over plain HTTP, exposing them to network sniffing. The AES layer above does not change that, since the key needed to undo it is public.
- Sketchy Binary Downloads: The device downloads a custom-built, chip-specific library (libmaixcam_lib.so) from a server in China. The download is not integrity-checked (no signature, no pinned hash), and the library contains code that validates the device's serial number, raising concerns about backdoors or unauthorized access.
- Custom RISC-V Opcodes: The library uses non-standard RISC-V instructions that off-the-shelf disassemblers do not decode, which obscures what it does and hampers independent security analysis.
- Forced Tailscale Integration: The devices attempt to connect to Tailscale servers out-of-the-box, even without user configuration, potentially opening unintended network connections and firewall holes.
- Hardcoded DNS Servers: The devices ignore DHCP-provided DNS servers and instead use hardcoded DNS servers, including those belonging to Google, Tencent, and Alibaba, raising privacy concerns.
- Abuse of USB-C: The Regular model repurposes USB-C connectors for non-USB signals (power and switch control). That is against the connector's intended use, and it leaves users one wrong cable away from plugging a standard USB device into pins that do not carry USB.
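The password item above is the one most worth seeing in code. The following Go program is an added example, not code from the video or from the NanoKVM project: it contrasts a login password encrypted under a static key baked into the firmware, which anyone holding a captured request can reverse, with salted PBKDF2 storage that nobody can reverse. The passphrase value, the CBC construction and the iteration count are assumptions for illustration; the device's actual scheme is only known to use AES with a hardcoded key and no KDF.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"io"
)

// staticKey stands in for a passphrase baked into firmware and web UI alike.
// The value is an assumption for this example, not the device's real key.
const staticKey = "example-static-passphrase"

// staticBlock derives the AES key straight from the static string: no salt,
// no KDF, identical on every device and readable from the public source.
func staticBlock() cipher.Block {
	key := sha256.Sum256([]byte(staticKey))
	block, _ := aes.NewCipher(key[:]) // 32-byte key: cannot fail
	return block
}

// weakEncrypt mirrors the flawed design: AES-256-CBC, random IV prepended,
// PKCS#7 padding, all under the static key above.
func weakEncrypt(password string) ([]byte, error) {
	pad := aes.BlockSize - len(password)%aes.BlockSize
	plain := append([]byte(password), bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, aes.BlockSize+len(plain))
	if _, err := io.ReadFull(rand.Reader, out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(staticBlock(), out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], plain)
	return out, nil
}

// weakDecrypt is what anyone who captured the login request runs: same
// public key, so the password comes straight back.
func weakDecrypt(blob []byte) (string, error) {
	if len(blob) < 2*aes.BlockSize || len(blob)%aes.BlockSize != 0 {
		return "", errors.New("malformed ciphertext")
	}
	plain := make([]byte, len(blob)-aes.BlockSize)
	cipher.NewCBCDecrypter(staticBlock(), blob[:aes.BlockSize]).CryptBlocks(plain, blob[aes.BlockSize:])
	pad := int(plain[len(plain)-1])
	if pad == 0 || pad > aes.BlockSize {
		return "", errors.New("bad padding")
	}
	return string(plain[:len(plain)-pad]), nil
}

// pbkdf2 is PBKDF2-HMAC-SHA256 (RFC 8018) on the standard library only.
func pbkdf2(password, salt []byte, iter, keyLen int) []byte {
	prf := hmac.New(sha256.New, password)
	var out []byte
	for i := uint32(1); len(out) < keyLen; i++ {
		prf.Reset()
		prf.Write(salt)
		prf.Write(binary.BigEndian.AppendUint32(nil, i))
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		for n := 1; n < iter; n++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for k := range t {
				t[k] ^= u[k]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

const saltLen, digestLen, iterations = 16, 32, 100_000 // raise iterations on a real server

// hashPassword is the server-side replacement: a fresh random salt per record
// and a slow KDF, so the stored record cannot be reversed, not even by the server.
func hashPassword(password string) ([]byte, error) {
	salt := make([]byte, saltLen)
	if _, err := io.ReadFull(rand.Reader, salt); err != nil {
		return nil, err
	}
	return append(salt, pbkdf2([]byte(password), salt, iterations, digestLen)...), nil
}

// verifyPassword recomputes the KDF over the stored salt and compares in constant time.
func verifyPassword(password string, record []byte) bool {
	if len(record) != saltLen+digestLen {
		return false
	}
	salt, want := record[:saltLen], record[saltLen:]
	got := pbkdf2([]byte(password), salt, iterations, digestLen)
	return subtle.ConstantTimeCompare(got, want) == 1
}
```

Feed weakEncrypt's output to weakDecrypt and the password comes back unchanged; that round trip is exactly what a sniffer on the LAN can perform. hashPassword and verifyPassword show the shape a fix should take, but nothing here replaces TLS: a proper hash at rest does not help while the password still crosses the wire in the clear.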
Open Source Concerns
While the NanoKVM is advertised as open source, the reality is more nuanced. The published firmware images lag the repository by about three months, and HDMI capture depends on a library that has to be compiled for the specific chip, so the firmware cannot be rebuilt or audited end to end from source. That undermines the spirit of open source development and collaboration. Some have suggested the software was open-sourced mainly to get outside help fixing its firmware problems.
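The unverified download of libmaixcam_lib.so flagged in the list above is fixable without changing the vendor's build process: pin the library's SHA-256 at build time and refuse to install anything that does not match. Below is an added Go example, not the project's own code; the local test server, the byte string standing in for the library, the size limit and the file paths are all constructed for the demo. It fetches the artifact, compares the digest in constant time, writes through a temp file plus rename, and rejects a copy with a single byte appended.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"os"
	"path/filepath"
)

// maxArtifactSize caps the download so a hostile server cannot exhaust
// memory (assumed limit for this example).
const maxArtifactSize = 64 << 20

// fetchVerified downloads url, checks its SHA-256 against a digest pinned at
// build time, and only then writes it to destPath. On any mismatch nothing
// reaches the filesystem, so a swapped artifact is never loadable.
func fetchVerified(client *http.Client, url, pinnedHex, destPath string) error {
	want, err := hex.DecodeString(pinnedHex)
	if err != nil || len(want) != sha256.Size {
		return errors.New("pinned digest is not a SHA-256 hex string")
	}
	resp, err := client.Get(url)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("unexpected status %s", resp.Status)
	}
	data, err := io.ReadAll(io.LimitReader(resp.Body, maxArtifactSize+1))
	if err != nil {
		return err
	}
	if len(data) > maxArtifactSize {
		return errors.New("artifact exceeds size limit")
	}
	got := sha256.Sum256(data)
	if subtle.ConstantTimeCompare(got[:], want) != 1 {
		return fmt.Errorf("digest mismatch: got %x, want %s", got, pinnedHex)
	}
	// Temp file in the target directory plus rename, so a half-written
	// library is never visible at destPath.
	tmp, err := os.CreateTemp(filepath.Dir(destPath), ".download-*")
	if err != nil {
		return err
	}
	if _, err := tmp.Write(data); err != nil {
		tmp.Close()
		os.Remove(tmp.Name())
		return err
	}
	if err := tmp.Close(); err != nil {
		os.Remove(tmp.Name())
		return err
	}
	return os.Rename(tmp.Name(), destPath)
}

// runDemo serves a constructed stand-in "library" from a local test server,
// then fetches it once unmodified and once with a byte appended. It returns
// the outcome of each fetch (nil means accepted).
func runDemo() (genuine, tampered error) {
	library := []byte("constructed stand-in for libmaixcam_lib.so, not real code")
	pinned := sha256.Sum256(library)
	pinnedHex := hex.EncodeToString(pinned[:])

	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		body := append([]byte(nil), library...)
		if r.URL.Path == "/tampered.so" {
			body = append(body, 0x90) // one extra byte: a "modified" build
		}
		w.Write(body)
	}))
	defer srv.Close()

	dir, err := os.MkdirTemp("", "nanokvm-verify-")
	if err != nil {
		return err, err
	}
	defer os.RemoveAll(dir)

	genuine = fetchVerified(srv.Client(), srv.URL+"/lib.so", pinnedHex, filepath.Join(dir, "lib.so"))
	tampered = fetchVerified(srv.Client(), srv.URL+"/tampered.so", pinnedHex, filepath.Join(dir, "lib.so"))
	return genuine, tampered
}

func main() {
	genuine, tampered := runDemo()
	fmt.Println("genuine artifact:", genuine)
	fmt.Println("tampered artifact:", tampered)
}
```

A pinned digest proves the bytes are the ones the firmware was built against; it does not prove those bytes are benign, and a vendor that ships updates needs a signature over each release rather than a hash baked into the previous one. Fetching over HTTPS is still advisable, because the digest protects integrity but not the privacy of what the device requests.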
Alternative Solution
One might ask why the developers didn't simply build on PiKVM. As it turns out, the chip's BSP (board support package) exposes no V4L2 interface for the capture path, so PiKVM's video stack cannot be used and they had to build video capture from scratch.
Should You Buy It?
While the NanoKVM's hardware is decent and the price is attractive, the software and security flaws are too significant to ignore. Its vulnerabilities could expose the managed hosts to unauthorized access, data breaches and other risks. Until these issues are addressed, it is difficult to recommend the NanoKVM for any security-conscious environment.
The question then is what the path forward for such devices looks like: which security standards must they meet before consumers can trust their integrity?