Popular budget mechanical keyboard found to contain hidden keylogger

William Gayde


If you are the owner of a MantisTek GK2 mechanical keyboard, you may want to change your passwords. Users are reporting strange network connections being made by its accompanying software that point to an IP connected with Alibaba's cloud servers. A packet analysis shows that the data being sent to the Chinese server includes keys typed by the user.

This keyboard is extremely cheap and it looks like MantisTek is trying to offset the cost by selling its users' key press data. The physical keyboard itself is fine but the software package that comes with it is where the troubles lie.

The "Cloud Driver" software regularly sends packets to an IP address tied to servers operated by Alibaba. The Chinese e-commerce giant sells cloud computing services just like Amazon and Google, so it's likely that Alibaba itself is not using the data directly. Regardless, the data is being sent as plaintext.

Thankfully, stopping the keylogger is extremely simple. Disabling the Cloud Driver software from running in the background should do the trick. Another method is to block network access for the CMS.exe process in your firewall. This can be accomplished by adding a new outbound firewall rule for the Cloud Driver. Tom's Hardware recommends using the GlassWire network monitoring tool for those that want a one-click resolution method.

While most mainstream products are thoroughly vetted for privacy and security concerns, buying directly from the Chinese manufacturer does not always grant you this luxury. It's up to the consumer to decide if the cheaper price is worth the potential risk.
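
The outbound firewall rule described above can be scripted. The following is an added example, not from the original article or from Tom's Hardware: it finds the running CMS.exe process, lists the remote endpoints it is connected to, and blocks its outbound traffic. The rule name is an arbitrary label chosen here, and the executable path is read from the live process because the article does not give an install location. Run it from an elevated PowerShell prompt.

```powershell
# Added example: inspect and block outbound traffic from the Cloud Driver (CMS.exe).
# $ruleName is an assumed label, not a vendor or article-supplied value.
$ruleName = 'Block Cloud Driver outbound (CMS.exe)'

# Get-Process expects the image name without the ".exe" suffix.
$procs = Get-Process -Name 'CMS' -ErrorAction SilentlyContinue

if (-not $procs) {
    Write-Warning 'CMS.exe is not running, so its path cannot be resolved from a live process.'
}
else {
    # 1. Show which remote endpoints the process is talking to right now.
    foreach ($p in $procs) {
        Get-NetTCPConnection -OwningProcess $p.Id -ErrorAction SilentlyContinue |
            Where-Object { $_.RemoteAddress -notin '0.0.0.0', '::', '127.0.0.1', '::1' } |
            Select-Object @{ n = 'PID'; e = { $p.Id } }, RemoteAddress, RemotePort, State
    }

    # 2. Resolve the executable path(s). Path can be empty when not elevated.
    $exePaths = $procs | Where-Object Path | Select-Object -ExpandProperty Path -Unique

    # 3. Create one outbound block rule per path, skipping paths already covered.
    foreach ($path in $exePaths) {
        $existing = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue |
            Get-NetFirewallApplicationFilter |
            Where-Object Program -eq $path

        if (-not $existing) {
            New-NetFirewallRule -DisplayName $ruleName `
                -Direction Outbound -Action Block `
                -Program $path -Profile Any | Out-Null
        }
    }

    # 4. Confirm the rule exists, is enabled, and blocks outbound traffic.
    Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue |
        Select-Object DisplayName, Direction, Action, Enabled
}
```

The rule only stops traffic from that executable path; the software itself keeps running, so the article's other option of disabling the Cloud Driver still applies.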

"Thankfully, stopping the keylogger is extremely simple. Disabling the Cloud Driver software from running in the background should do the trick. Another method is to block network access for the CMS.exe process in your firewall. This can be accomplished by adding a new outbound firewall rule for the Cloud Driver."
Blocking network access whilst allowing the keylogger to continue to run is a "fix"? Seriously? Quite honestly if I owned this (or any other peripheral with a keylogger), it would go straight in the bin on principle, followed swiftly by a reformat + full Windows reinstall...
 
What about the Chinese tablets and smartphones? An unknown Chinese software engineer could maybe install a keylogger on the tablet and record all your passwords.
 
Does anything the Chinese do surprise us any longer? God only knows what they hide in that toilet paper they sell over here .....

Like the NSA intercept of Cisco networking hardware is much better? Or any of your international spying programs? Or anything the CIA has done in the last half century?

Get off your high horse.
 
Like the NSA intercept of Cisco networking hardware is much better? Or any of your international spying programs? Or anything the CIA has done in the last half century?

Get off your high horse.

Big difference between Chinese business shenanigans and the U.S. surveillance state. Apples and oranges.
 
Am I the only one who read this article completely and thought, "ooh I should buy one of these and just not install the software?" They're selling a good keyboard for less than it should cost in the hopes you install the software, but if you don't, you just got a good deal eh?
 
Am I the only one who read this article completely and thought, "ooh I should buy one of these and just not install the software?" They're selling a good keyboard for less than it should cost in the hopes you install the software, but if you don't, you just got a good deal eh?

Fool me once, fool me twice applies here. No telling what else may be covertly included with that K/B at this point.
 
If this doesn't convince people to stop buying Chinese brands I don't know what will. Remember, China is NOT a representative government and their military *trains* their business professionals to spy on foreigners. When you hire a Chinese national you are putting your trade secrets at risk, so think twice about saving a buck on H1B serfs.
 
We have obtained a picture of the server room
hillary-on-reddit-march-6-2016-1280x720.jpg
 
False alarm based on an update in Tom's article.
Damn, I did lose some time with this news.

It is fun to see people jump to immediate conclusions though. Glad Tom's updated their post (they should do a change of the title). Considering Techspot is simply reporting this: They need to update their title and publish an update as well.
 