MantisTek GK2's Keylogger Is A Warning Against Cheap Gadgets (Updated)

Updated, 11/7/2017, 8:40am PT: An earlier version of the article stated that the keyboard's software was sending key presses. However, on closer inspection, it seems that the Cloud Driver software doesn't send the key presses themselves to the Alibaba server, only how many times each key has been pressed.

Assuming no malicious intent, it's possible that the keyboard maker wanted this sort of data in order to see the lifetime of its keyboard's keys or see which keys it needs to make more durable. However, doing this sort of tracking without user permission still seems like a violation of user trust. It could also be a violation of privacy laws in the European Union, where such consent needs to be explicit.

Original, 11/6/2017, 9:30am PT:

Multiple online user reports claim that the MantisTek GK2 mechanical keyboard's configuration software is sending data to an Alibaba server. One of the reports even includes an analysis of the software’s traffic, which seems to include how many times keys have been pressed.

The MantisTek GK2 is a cheap RGB mechanical keyboard from China that costs half as much (or less) as the mechanical keyboards from better known companies. Multiple gadgets that come from China seem to have either poor security or privacy issues caused by collecting user data without consumers' explicit permission. The MantisTek GK2 seems to be one of those products.

The main issue seems to be caused by the keyboard’s “Cloud Driver,” which sends information to IP addresses tied to Alibaba servers. Alibaba sells cloud services, so the data isn’t necessarily being sent to Alibaba, the company, but to someone else using an Alibaba server.

The data being sent—in plaintext, no less—has been identified as a count of how many times keys have been pressed.

How To Stop The Keylogger

The first way to stop the keyboard from sending your key presses to the Alibaba server is to ensure the MantisTek Cloud Driver software isn’t running in the background.

The second method to stop the data collection is to block the CMS.exe executable in your firewall. You could do this by adding a new firewall rule for the MantisTek Cloud Driver in the “Windows Defender Firewall With Advanced Security.”
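
The first two methods can also be done from an elevated PowerShell prompt. The script below is an added example, not something published by the article or by MantisTek: it assumes the Cloud Driver runs as a process named CMS (from the CMS.exe named above), and because the article does not give the install path, it reads the path from the running process or takes it as a parameter. The rule name is made up for illustration.

```powershell
# Added example. Run in an elevated PowerShell session (Windows 8 / Server 2012 or later).
param(
    # Optional: full path to CMS.exe, needed only if the driver is not currently running.
    [string]$ProgramPath
)

$ruleName = 'Block MantisTek Cloud Driver (CMS.exe) outbound'   # constructed name

# Method 1: find the running Cloud Driver, note where it is connected, then stop it.
$procs = Get-Process -Name 'CMS' -ErrorAction SilentlyContinue
foreach ($p in $procs) {
    if (-not $ProgramPath -and $p.Path) { $ProgramPath = $p.Path }

    # Show established TCP connections owned by this process before it is stopped.
    Get-NetTCPConnection -OwningProcess $p.Id -ErrorAction SilentlyContinue |
        Where-Object State -eq 'Established' |
        Select-Object RemoteAddress, RemotePort, State

    Stop-Process -Id $p.Id -Force
}

if (-not $ProgramPath -or -not (Test-Path -LiteralPath $ProgramPath)) {
    throw 'CMS.exe was not found running; pass -ProgramPath with its full path.'
}

# Method 2: add an outbound block rule bound to that executable, once.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Outbound `
        -Program $ProgramPath -Action Block -Profile Any | Out-Null
}

# Verify: print the program path the rule is actually bound to.
Get-NetFirewallRule -DisplayName $ruleName |
    Get-NetFirewallApplicationFilter |
    Select-Object Program
```

CMS is a generic process name, so check that the path printed at the end is the MantisTek install directory and not another product's CMS.exe. A program-path rule stops matching if the software is reinstalled to a different folder, so re-run the script after any reinstall.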

If you want a one-click method, you can also download the free GlassWire network monitoring tool. GlassWire will show you all the apps making connections to the internet in the “Alerts” tab and let you block those connections in the “Firewall” tab. It can also be used for other types of connections, such as all the connections Windows 10 makes to Microsoft’s servers even when you have most or all data tracking disabled.

These days, most products are made in China, but usually some other local company acts as an intermediary to ensure that the product is developed to specification and without other "features" that shouldn't be there. However, this additional protection goes out of the window when people decide to purchase directly from Chinese manufacturers via Chinese marketplaces. Not all products are going to have privacy or security issues, but extra caution is warranted.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • Jeff Fx
    The phrase "Cloud Driver" raises a red flag right there. There's no reason for a keyboard to send or receive data on the Internet.
  • dextermat
    This practice is disgusting and it seems all companies are hopping aboard.
  • fiber0ptic.cell
    China that costs half as much (or less) as the mechanical keyboards from better known companies. Multiple gadgets that come from China seem to have either poor security or privacy

    Thank you China...again...

    FIBER0PTIC/FBR,The HUMBLE Guys, Napalm and Worship Inc.
  • dark_lord69
    20348853 said:
    The MantisTek GK2 mechanical keyboard comes with a hidden feature: a keylogger.

    MantisTek GK2's Keylogger Is A Warning Against Cheap Gadgets : Read more

    I couldn't agree more!
    Keyboard and "Cloud" do not belong together. EVER EVER EVER!!!!

    The only things I save to the cloud are items that wouldn't be devastating to have the entire world seeing it.
    Cloud = on a billboard for the world to see
    If you think about cloud security like that you won't have issues when the company gets hacked or a rogue employee decides to do something stupid.
  • peterf28
    This reminds me of an IP camera I ordered from AliExpress, it was sitting on my desk for 2 months, turned on, was just testing it, etc... After 2 months I noticed in my router administration web interface, that the camera had opened 2 UPnP ports on my router, and is communicating via UDP to some Chinese addresses. Now someone in China has probably a picture of me watching porn w4nk1ng off ...

    udp communication

    upnp ports
    Destination Proto. Port range Redirect to Local port
    ALL UDP 6600 6600
    ALL UDP 6602 6602
    ALL TCP 1935 1935
  • Aggnog
    This used to be a reputable website for hardware reviews. Now you have clickbait titles, clickbait ads you can't remove. And clickbait articles in which the reviewer did not even bother to verify any facts they just copied from reddit. Guess this is the dailymail of the pc world now.
  • therealduckofdeath
    Isn't IDG's PC World the Daily Mail of the PC World? I haven't really read any news on any IDG sites for years, but last I checked they definitely were. :)
    That said, no one should have to remind a tech blog about fact checking when they're running a story like this.