How Cheap KVMs Could Be Your Network's Weak Link - BTS #70 episode artwork

EPISODE · Mar 25, 2026 · 1H 2M

How Cheap KVMs Could Be Your Network's Weak Link - BTS #70

from Below the Surface (Audio) - The Supply Chain Security Podcast · host Paul Asadoorian

In this episode, we explore the security vulnerabilities of low-cost IP-based KVMs, including firmware flaws, default credentials, and insecure update mechanisms. Two Eclypsium researchers, Paul and Rey, discovered the vulnerabilities and shared the details and behind-the-scenes details! We also discuss real-world testing, vendor responses, and best practices for securing remote management devices in enterprise environments. Chapters 00:00 Introduction to KVM Vulnerabilities 03:00 Research Background and Team Introduction 05:57 Exploring GLINet and Initial Findings 09:03 Firmware Analysis and Security Expectations 11:58 Vulnerability Disclosure and Response 15:07 Enterprise Risks and Deployment Concerns 17:59 Security Best Practices for KVMs 21:06 Vendor Responses and Community Engagement 23:49 Unique Vulnerabilities in SiP and JetKVM 27:01 Conclusion and Future Directions 31:26 Vulnerability Research and Tool Development 34:14 Vendor Communication and Disclosure Challenges 37:51 Firmware Update Issues and Security Concerns 39:12 The Importance of Reviews and Brand Trust 41:42 Security Best Practices for KVMs 45:38 Network Segmentation and Device Security 49:26 Discovering IoT Devices on the Network 52:11 Open Source Solutions and Community Engagement 55:58 The Future of KVM Security and Regulation

NOW PLAYING

How Cheap KVMs Could Be Your Network's Weak Link - BTS #70

0:00 1:02:56

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of Below the Surface (Audio) - The Supply Chain Security Podcast?

This episode is 1 hour and 2 minutes long.

When was this Below the Surface (Audio) - The Supply Chain Security Podcast episode published?

This episode was published on March 25, 2026.

What is this episode about?

In this episode, we explore the security vulnerabilities of low-cost IP-based KVMs, including firmware flaws, default credentials, and insecure update mechanisms. Two Eclypsium researchers, Paul and Rey, discovered the vulnerabilities and shared the...

Can I download this Below the Surface (Audio) - The Supply Chain Security Podcast episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!