1 rich Libsyn https://www.libsyn.com 90 600 In this episode, we explore the security vulnerabilities of low-cost IP-based KVMs, including firmware flaws, default credentials, and insecure update mechanisms. Two Eclypsium researchers, Paul and Rey, discovered the vulnerabilities and shared the details and behind-the-scenes details! We also discuss real-world testing, vendor responses, and best practices for securing remote management devices in enterprise environments. Chapters 00:00 Introduction to KVM Vulnerabilities 03:00 Research Background and Team Introduction 05:57 Exploring GLINet and Initial Findings 09:03 Firmware Analysis and Security Expectations 11:58 Vulnerability Disclosure and Response 15:07 Enterprise Risks and Deployment Concerns 17:59 Security Best Practices for KVMs 21:06 Vendor Responses and Community Engagement 23:49 Unique Vulnerabilities in SiP and JetKVM 27:01 Conclusion and Future Directions 31:26 Vulnerability Research and Tool Development 34:14 Vendor Communication and Disclosure Challenges 37:51 Firmware Update Issues and Security Concerns 39:12 The Importance of Reviews and Brand Trust 41:42 Security Best Practices for KVMs 45:38 Network Segmentation and Device Security 49:26 Discovering IoT Devices on the Network 52:11 Open Source Solutions and Community Engagement 55:58 The Future of KVM Security and Regulation Below the Surface (Audio) - The Supply Chain Security Podcast https://eclypsium.com/ <iframe title="Libsyn Player" style="border: none" src="//html5-player.libsyn.com/embed/episode/id/40623610/height/90/theme/custom/thumbnail/yes/direction/forward/render-playlist/no/custom-color/88AA3C/" height="90" width="600" scrolling="no" allowfullscreen webkitallowfullscreen mozallowfullscreen oallowfullscreen msallowfullscreen></iframe> https://assets.libsyn.com/secure/content/200123745