November 7, 2017

Mechanical keyboard maker accused of keylogging as customers examine software

by John_A

Jump on Amazon to perform a search for mechanical keyboards and the cheapest solutions you find are sold by manufacturers you likely don’t know. MantisTek is one of these lesser-known keyboard makers and is now under fire for allegedly tracking the typed keys of those who own its GK2 mechanical keyboard, aka keylogging. This alleged tracking is done through the included software, which sends information to a server maintained by the Alibaba Group.

Typically, the software can be used to customize the keyboard’s RGB illumination, lighting effects, and macro assignments. But a few owners are reporting that the software sends data to an IP address owned by Alibaba. A post stemming out of Asia provides a few more detailed bits, reporting that MantisTek’s “cloud driver” is the responsible component sending data to a specific address: 47.90.52.88.

If you enter that address in a browser, a Chinese login page appears along with a link to Browse Happy. The page translates to “Cloud mouse platform background management system,” and is maintained by Shenzhen Cytec Technology Co., Ltd., which may or may not be a rechargeable battery maker located in Shenzhen, China (Cytec doesn’t appear in a web search, but Cytac does).

According to the report, the keyboard’s software sends keypress statistics to two destinations at that IP address: “/cms/json/putkeyusedata.php” and “/cms/json/putuserevent.php.” An analysis shows that all information is crossing the internet in plain text, meaning it’s unencrypted and exposed to anyone snooping on your internet connection. That means hackers — in addition to MantisTek — can grab anything you type, including email addresses, bank account numbers, and login credentials.

The best defense against MantisTek’s alleged keystroke snooping is to not use the GK2’s included software. Based on the product information, you can adjust the illumination and lighting effects manually on the keyboard using a combination of keys. You can do the same when recording macros.

But if you wish for the software to remain installed, then block CMS.exe in your firewall to prevent the software from sending and receiving information over the internet. To do this in Windows 10, type “Windows Firewall” into Cortana’s search field on the taskbar, then click on “Windows Defender Firewall with Advanced Security.” After that, add a new Inbound rule and a new Outbound rule for CMS.exe.
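The same two block rules can also be created from an elevated PowerShell prompt. This is an added example, not part of the original article and not MantisTek's code; the rule names are chosen here, and because the article does not give the install path of CMS.exe, the script reads it from a running CMS process or from a `-ProgramPath` argument.

```powershell
#Requires -RunAsAdministrator
# Added example: block CMS.exe in both directions with Windows Defender Firewall.
param(
    # Assumption: full path to the keyboard utility. If omitted, the path is
    # taken from a running process named CMS (the process name of CMS.exe).
    [string]$ProgramPath
)

if (-not $ProgramPath) {
    $ProgramPath = Get-Process -Name 'CMS' -ErrorAction SilentlyContinue |
        Where-Object Path | Select-Object -First 1 -ExpandProperty Path
}
if (-not $ProgramPath -or -not (Test-Path -LiteralPath $ProgramPath)) {
    throw 'CMS.exe not found. Start the keyboard software or pass -ProgramPath.'
}

foreach ($direction in 'Inbound', 'Outbound') {
    $name = "Block CMS.exe ($direction)"   # rule names are our own choice
    # Re-running the script replaces the rule instead of piling up duplicates.
    Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
    New-NetFirewallRule -DisplayName $name -Direction $direction `
        -Program $ProgramPath -Action Block -Profile Any | Out-Null
}

# Verify: list the rules just created and the program path each is bound to.
Get-NetFirewallRule -DisplayName 'Block CMS.exe*' | ForEach-Object {
    [pscustomobject]@{
        Rule      = $_.DisplayName
        Direction = $_.Direction
        Action    = $_.Action
        Enabled   = $_.Enabled
        Program   = ($_ | Get-NetFirewallApplicationFilter).Program
    }
} | Format-Table -AutoSize
```

Program rules match on the executable's full path, so run the script again if the software is later reinstalled or updated into a different folder.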

Mechanical keyboards with virtually no security issues (that we know of) are typically manufactured by high-profile companies such as Razer, Corsair, Logitech, Roccat, Microsoft, Cooler Master, Thermaltake, and a few others. But even with these products, installing software should only be necessary if you want access to the keyboard’s core features. The less software you install, the happier your PC will be.

To be clear, Alibaba isn’t collecting information from owners of the MantisTek GK2 mechanical keyboard. The company provides cloud services, aka Alibaba Cloud, including an elastic compute service, a virtual private cloud, an analytic database, and anti-DDOS services. The “cloud driver” may be silently collecting information for analytic purposes rather than intentionally collecting sensitive information.

Still, keylogging is unacceptable no matter the root intention.
