Edit 2, 12/17/2025 3:45am PT: Sipeed has contacted Tom's Hardware to dispute the researchers' claims. Sipeed says the microphone was listed on a Wiki page for the LicheeRV Nano at launch. The LicheeRV Nano is a development board used for the product. However, the microphone was not listed or mentioned directly on the NanoKVM Wiki page at launch. Instead, Sipeed linked to a document that detailed the LicheeRV Nano and its microphone. Sipeed has added a direct reference to the microphone on the NanoKVM Wiki page.
In response to the issues, Sipeed has now added a note about the microphone to its retail listing for the 'Developer Edition' models that include it. Sipeed has also notified its authorized distributors to update their listings. "Sipeed also notes that while the text description was missing on original retail pages, the high-resolution product images provided always clearly displayed the microphone component. There was never any intentional concealment of its existence," the company says.
In February, a Slovenian security researcher published an analysis of Sipeed’s NanoKVM that raised far-reaching concerns about the €30-€60 ($35-70) remote management device. Alarmingly, the researcher’s teardown showed the device shipped with a catalogue of security failures and an undocumented microphone that could be activated over SSH. Since the issues were reported, many of those problems have been addressed over the intervening months.
The NanoKVM’s network behavior raised further questions, as it routed DNS queries through Chinese servers by default and made routine connections to Sipeed infrastructure to fetch updates and a closed-source binary component. The key verifying that component was stored in plain text on the device, and there was no integrity check for downloaded firmware.
The underlying Linux build was also a heavily pared-down image without common management tools, yet it included tcpdump and aircrack, utilities normally associated with packet inspection and wireless testing rather than production hardware intended to sit on privileged networks.
All this, paired with the discovery of a tiny surface-mount microphone, should make any user suspicious of the device’s true intentions. The researcher said the microphone is not documented in product materials, yet the operating system includes ALSA tools such as amixer and arecord that can activate it immediately. With default SSH credentials still present on many deployed units, the researcher demonstrated that audio could be recorded and exfiltrated with minimal effort, and streaming that audio in real time would require only modest additional scripting.
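For owners who want to check a unit against the findings above, here is an added example; it is not from the researcher's write-up or from Sipeed. It is a POSIX shell audit that lists ALSA capture devices, the tools named in this article, and DNS resolvers outside an allowlist you supply (an empty allowlist reports every resolver). The function names, the directory list searched, and the reading of "aircrack" as the `aircrack-ng` binary are assumptions.

```shell
#!/bin/sh
# Added audit example; not from the article, the researcher, or Sipeed.
# Every path is a parameter, so it works on a live unit ("/") or a mounted image.

# PCM devices exposing a capture stream. $1: ALSA listing (/proc/asound/pcm).
capture_devices() {
    [ -r "$1" ] || return 0
    awk -F: '/capture [0-9]/ {print $1}' "$1"
}

# Which of the tools the article names exist under root dir $1.
# "aircrack" in the article is assumed to be the aircrack-ng binary.
flagged_tools() {
    for tool in arecord amixer tcpdump aircrack-ng; do
        for dir in bin sbin usr/bin usr/sbin usr/local/bin; do
            if [ -x "$1/$dir/$tool" ]; then echo "$tool"; break; fi
        done
    done
}

# Nameservers in resolv.conf $1 that are not in the space-separated allowlist $2.
unexpected_resolvers() {
    [ -r "$1" ] || return 0
    awk '$1 == "nameserver" {print $2}' "$1" | while read -r ns; do
        case " $2 " in
            *" $ns "*) ;;
            *) echo "$ns" ;;
        esac
    done
}

# Run all three checks; print findings and return 1 if there are any.
audit() {
    root=${1:-/}; allow=${2:-}
    found=$(
        capture_devices "$root/proc/asound/pcm" | sed 's/^/capture-device /'
        flagged_tools "$root" | sed 's/^/tool /'
        unexpected_resolvers "$root/etc/resolv.conf" "$allow" | sed 's/^/resolver /'
    )
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Usage: sh audit.sh --run / "192.0.2.53"   (resolver IP is a placeholder)
if [ "${1:-}" = "--run" ]; then audit "${2:-/}" "${3:-}"; fi
```

A non-zero exit status means at least one finding was printed, which makes the script usable as a gate after reflashing or a firmware update.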
Thankfully, because NanoKVM is nominally open source, community members have begun porting alternative Linux distributions, first Debian and later Ubuntu. Reflashing requires opening the case and writing a new image to the internal microSD card, but early builds already support Sipeed’s modified KVM code. Physically removing the microphone is possible, though the component’s size and placement make it a fiddly job without magnification. Sipeed has since addressed many of the security concerns around the device. However, the general consensus is that users should flash these devices to custom Linux distributions to mitigate potential issues, and many reviewers currently recommend Sipeed products for use in homelab environments.