Researcher finds Chinese KVM has undocumented microphone, communicates with China-based servers

Not great that LTT just recommended these as a tech gift. :grimacing:

LTT did respond to the issue on their forum.

In regard to the security concerns, Sipeed has addressed them since they were raised in 2024. Since the initial concerns, the software has been opened up much more and is available to review on their GitHub. Sipeed also has a response in their GitHub issues from February of this year. The microphone is disclosed in their breakdown of the hardware here, which is there because they built off the LicheeRV Nano E board.

Wendell chatted a bit about the concerns in his video about the PCIe KVM that SiPeed released here. His conclusion was that the device has a reasonable balance of security vs. functionality.

There has been some discussion in the LTT subreddit as well where you can see posts about how the security of these devices changed over time.

I was about to post a rant about having trust issues with Chinese devices and open source software winning when it comes to auditability. Thankfully Jeff Geerling has made a nuanced video below:

TLDW: These devices are cheaply made RISC-V devboards and the folks at Sipeed made it quick, cheap and dirty.


Who’s next JetKVM…? :sob:
Damn, annoying that even hardware is not trustworthy as of late.

I hate supply chain attacks like these. There should be something like a Hardware Bill of Attestation requirement so people can actually audit these devices without needing to inspect it themselves at home.


Will you really still trust that attestation if it originates from China? That country may as well be a black box when it comes to trustworthy tech.

It was pointed out to me before that one will never solve physical attacks with software. I am not aware of any applied research in this area either to counter that argument.

Short of physical mitigations (at scale for mass-produced hardware) like inspection[1] / policy+law[1:1], I don’t think there’s another viable solution to this.

Some folks do think hardware-based attacks are less likely on consumer-grade devices… How to Prevent OEM Software and Hardware from Spying on You? - #9 by pinkandwhite (I am not that optimistic).


  1. “That is pretty unlikely and would show up in physical inspection, servicing. Also any device sold in the US with cellular access needs a FCC authorization so there isn’t any way to legally hide this in a device.” How to Prevent OEM Software and Hardware from Spying on You? - #10 by dngray