A recent video circulating online claims that certain USB-Ethernet adapters harbor “malware” and are allegedly designed for surveillance, purportedly by China or Russia. However, the reality behind these assertions is far less sensational than the dramatic allegations suggest.
The focus of attention is the SR9900 chip from CoreChips Shenzhen, widely regarded as a clone of the 2013 Realtek RTL8152B. These devices feature an additional SPI Flash chip on the board, sparking conspiracy theories about its purpose. However, researcher lcamtuf determined that this flash memory is used to create a virtual CD drive containing drivers, which appears when the adapter is connected.
Using SR9900 firmware tools, it was confirmed that the flash memory, with a capacity of 512 KB, stores an ISO image of 168 KB, which includes Windows drivers. This practice was typical for devices from that era, when distributing drivers via virtual CDs was still a common approach.
While, in theory, firmware-equipped devices could be susceptible to backdoors or malware, in this case, the issue appears to stem more from technological legacy than an actual security threat. It serves as a reminder of how rapidly technologies and associated practices evolve over time.
