MantisTek GK2's Keylogger Is A Warning Against Cheap Gadgets (Updated)

Updated, 11/7/2017, 8:40am PT: An earlier version of the article stated that the keyboard's software was sending key presses. However, in a closer look, it seems that the Cloud Driver software doesn't send the key presses to the Alibaba server but only how many times each key has been pressed.

Assuming no malicious intent, it's possible that the keyboard maker wanted this sort of data in order to see the lifetime of its keyboard's keys or see which keys it needs to make more durable. However, doing this sort of tracking without user permission still seems like a violation of user trust. It could also be a violation of privacy laws in the European Union, where such consent needs to be explicit.

Original, 11/6/2017, 9:30am PT:

Multiple online user reports claim that the MantisTek GK2 mechanical keyboard's configuration software is sending data to an Alibaba server. One of the reports even includes an analysis of the software’s traffic, which seems to include how many times keys have been pressed.

The MantisTek GK2 is a cheap RGB mechanical keyboard from China that costs half as much (or less) as the mechanical keyboards from better known companies. Multiple gadgets that come from China seem to have either poor security or privacy issues caused by collecting user data without consumers' explicit permission. The MantisTek GK2 seems to be one of those products.

The main issue seems to be caused by the keyboard’s “Cloud Driver,” which sends information to IP addresses tied to Alibaba servers. Alibaba sells cloud services, so the data isn’t necessarily being sent to Alibaba, the company, but to someone else using an Alibaba server.

The data being sent—in plaintext, no less— has been identified as a count on how many times keys have been pressed.

How To Stop The Keylogger

The first way to stop the keyboard from sending your key presses to the Alibaba server is to ensure the MantisTek Cloud Driver software isn’t running in the background.

The second method to stop the data collection is to block the CMS.exe executable in your firewall. You could do this by adding a new firewall rule for the MantisTek Cloud Driver in the “Windows Defender Firewall With Advanced Security.”

If you want a one-click method, you can also download the free GlassWire network monitoring tool. GlassWire will show you all the apps making connections to the internet in the “Alerts” tab and let you block those connections in the “Firewall” tab. It can also be used for other types of connections, such as all the connections Windows 10 makes to Microsoft’s servers even when you have most or all data tracking disabled.

These days, most products are made in China, but usually some other local company acts as an intermediary to ensure that the product is developed to specification and without other "features" that shouldn't be there. However, this additional protection goes out of the window when people decide to purchase directly from Chinese manufacturers via Chinese marketplaces. Not all products are going to have privacy or security issues, but extra caution is warranted.

This thread is closed for comments
    Your comment
  • Jeff Fx
    The phrase "Cloud Driver" raises a red flag right there. There's no reason for a keyboard to send or receive data on the Internet.
  • dextermat
    This practice is disgusting and it seems all companies are hopping aboard.
  • fiber0ptic.cell
    China that costs half as much (or less) as the mechanical keyboards from better known companies. Multiple gadgets that come from China seem to have either poor security or privacy

    Thank you China...again...

    FIBER0PTIC/FBR,The HUMBLE Guys, Napalm and Worship Inc.