I assume they didn't intend to put a mic on the KVM product, but they wanted to make a KVM product, already had this SBC product, which reusing their existing stock of helped keep cost low.
Should they have been more up front about it it? Sure, and it's not great that they had a bunch of security issues in the FW anyway, so not exactly great, but "hidden microphone in a Chinese KVM" lets the mind wander
Given it's history I suspect there is nothing malicious going on here, just a Chinesium approach to building something. Security isn't documented so it's made of tissue paper.
You might be right but I think we cannot assume malice when it could be laziness.
It might be that the exact same board has multiple target audiences and they just rebrand it for different purposes with different pricing.
That said, the microphone is so weirdly positioned that it gets suspicious indeed.
Microphones and LEDs have been used famously for side channel attacks and also to circumvent air gaps. From a Least Power point of view this is troubling.
It doesn't strike me as that useful to have a hidden microphone in a KVM product as most of the time, they're going to be stuck in server rooms with just lots of fan noise to record.
Far more of an issue would be any kind of keylogger built into the software, which is why it's best to go for devices that support open source software.
You can exfiltrate data from a machine which is not connected to the KVM. A high-security machine may be even air-gapped most of the time, but be physically nearby.
I don’t think too many of these devices will end up in server rooms as opposed to home labs. And the ones that do end up in a datacenter are very unlikely to be allowed to ever reach the internet.
If the microphone was used for exfiltrating data, it would work against random targets that happened to let the KVM connect to the internet, and who have a nearby machine infected with some malware. That kind of non-targeted attack can be damaging but is semi-useless to the attacker.
The KVM just uses a devboard that's also sold separately and just happens to have a microphone, given how cheap the mics are having one extra SKU would probably just cost them more than savings.
Also I wouldn't really consider it "server room" product. Pretty much any new server has KVM, this is more "a hobbyist needing KVM for their home server"
Ultrawideband never caught on because it turns out that the speed of light and sound in air is frequency dependent, so you have to know the distance to the target pretty accurately and then skew the signal to send or receive. (Imagine a phased array antenna but also with a frequency domain to work out as well).
But that doesn’t mean you can’t make it function in a loud server room. The whole point of it is working in and around noise.
It would take an especially perverse mind to keylog using audio on a KVM, though. The KVM basically has access to everything, any secondary spying using a microphone or a camera would provide very little added value.
They mean the K in KVM could trivially have a keylogger. For the computers attached to that KVM. Audio is for logging for computers not attached to the device in question. Which could be up to and including a whole server room save a couple machines.
A long time ago (maybe in the mid-90s) I knew an elderly radio amateur who could not just "copy" CW by ear, but also RTTY. He could also pretty much tell what a teleprinter was printing just by listening to the noises it made, like he'd be facing away from it on the other side of the room reading out entire words from what was coming through.
Apparently in the 50s when he did his National Service he'd been in the Signals but "not in the regiment that's on his papers", make of that what you will.
I have noticed that with PSK modes and particularly PSK31 you can hear "CQ CQ CQ" as a distinctive pattern much in the same way as it is with CW.
IBM spent a fortune developing ATM keypads that - when correctly mounted - had keys that made the exact same noise no matter how you pressed them or how worn they were.
So I don't doubt that someone suitably clever could extract audio from a room and work out what was being typed.
One really-cool way to solve that problem is to embed a 7-segment LED under each keycap. You walk up to the keypad and the 0-9 digits appear in random order. No one can shoulder-surf, look for wear or IR emission from the buttons, or train on the click sounds.
Dell had those on every lab door in the building back in the early 90s. You felt like 007 every time you punched in your access code. I've never seen them anywhere since.
And now days I can't put in my card's pin without 10 overhead cameras aimed at the register area. All the cameras of which are network-connected, video stored persistently, and high res/fidelity enough to here the little beeps as I press the keys, and to know that I've hit the enter because the screen indicates it immediately. But then Dell cared about its own security, and the grocery store doesn't give a single shit about whether my life is ruined by identity theft.
Maybe. They were necessarily very cagey about it back then, but I might have some documentation kicking about in storage. I tended to keep copies of every service manual I could get my hands on back then.
https://wiki.sipeed.com/hardware/en/lichee/RV_Nano/1_intro.h...
I assume they didn't intend to put a mic on the KVM product, but they wanted to make a KVM product, already had this SBC product, which reusing their existing stock of helped keep cost low.
Should they have been more up front about it it? Sure, and it's not great that they had a bunch of security issues in the FW anyway, so not exactly great, but "hidden microphone in a Chinese KVM" lets the mind wander