Hello and welcome to the Tuesday, December 9th, 2025 edition of the Sands

and then at Storm Center's Stormcast. My name is Johannes Ulrich, recording today from

Jacksonville, Florida. And this episode is brought you by the Sands.edu credit certificate program in Purple Team Operations.

I would imagine that many of you listening have seen a device being advertised, the nano-KBM.

KVM stands for keyboard, video, and mouse switcher, which is a little IP-accessible device that gives you remote access to the keyboard,

video and mouse of a particular device that you connected to. Now, this device does not scream

secure. It screams cheap and it's advertised as the cheapest possible device to accomplish this

IP access to your keyboard and video screen.

So a little cheap way to get basically remote access to a system, even if like power fails

and the like.

Which is definitely something nice to have.

And I have actually one here at home and I've been playing with it, and definitely

it works. But of course, the security aspect here comes in, in particular, since the device

has had a number of clearing security faults, like bad hashing and encryption of passwords,

things like an SSH server is enabled by default with default password, and

researchers had had a hard time to convince the maker to fix some of these vulnerabilities.

The latest issue is that the entire firmware update process is insecure, in particular

the update of a binary blob, that's sort of the proprietary part of these

devices. So that, of course, opens up the possibility of evil updates being slipped in here.

The other thing that came out this week was that the motherboard

of the device includes a microphone

with no obvious reason

...