Popular budget mechanical keyboard found to contain hidden keylogger

William Gayde

Posts: 382   +5
Staff member

If you are the owner of a MantisTek GK2 mechanical keyboard, you may want to change your passwords. Users are reporting strange network connections being made by its accompanying software that point to an IP connected with Alibaba's cloud servers. A packet analysis shows that the data being sent to the Chinese server includes keys typed by the user.

This keyboard is extremely cheap and it looks like MantisTek is trying to offset the cost by selling its users' key press data. The physical keyboard itself is fine but the software package that comes with it is where the troubles lie.

The "Cloud Driver" software regularly sends packets to an IP tied to servers controlled under Alibaba. The Chinese e-commerce giant sells cloud computing services just like Amazon and Google so it's likely that they are not using the data directly. This data is also being sent as plaintext nonetheless.

Thankfully, stopping the keylogger is extremely simple. Disabling the Cloud Driver software from running in the background should do the trick. Another method is to block network access for the CMS.exe process in your firewall. This can be accomplished by adding a new outbound firewall rule for the Cloud Driver. Tom's Hardware recommends using the GlassWire network monitoring tool for those that want a one-click resolution method.

While most mainstream products are thoroughly vetted for privacy and security concerns, buying directly from the Chinese manufacturer does not always grant you this luxury. It's up to the consumer to decide if the cheaper price is worth the potential risk.

Permalink to story.

 

BSim500

Posts: 919   +2,170
"Thankfully, stopping the keylogger is extremely simple. Disabling the Cloud Driver software from running in the background should do the trick. Another method is to block network access for the CMS.exe process in your firewall. This can be accomplished by adding a new outbound firewall rule for the Cloud Driver."
Blocking network access whilst allowing the keylogger to continue to run is a "fix"? Seriously? Quite honestly if I owned this (or any other peripheral with a keylogger), it would go straight in the bin on principle, followed swiftly by a reformat + full Windows reinstall...
 

ManuelV

Posts: 158   +83
What about the chinesse tablets and smartphones?, an unknow chinesse software enginer maybe could install a keylooger on the tablet and record all your passwords.
 
J

Jamlad

Does anything the Chinese do surprise us any longer? God only knows what they hide in that toilet paper they sell over here .....

Like the NSA intercept of Cisco networking hardware is much better? Or any of your international spying programs? Or anything the CIA has done in the last half century?

Get off your high horse.
 
D

davislane1

Like the NSA intercept of Cisco networking hardware is much better? Or any of your international spying programs? Or anything the CIA has done in the last half century?

Get off your high horse.

Big difference between Chinese business shenanigans and the U.S. surveillance state. Apples and oranges.
 

OutlawCecil

Posts: 739   +570
Am I the only one who read this article completely and thought, "ooh I should buy one of these and just not install the software?" They're selling a good keyboard for less than it should cost in the hopes you install the software, but if you don't, you just got a good deal eh?
 
D

davislane1

Am I the only one who read this article completely and thought, "ooh I should buy one of these and just not install the software?" They're selling a good keyboard for less than it should cost in the hopes you install the software, but if you don't, you just got a good deal eh?

Fool me once, fool me twice applies here. No telling what else may be covertly included with that K/B at this point.
 

psycros

Posts: 4,453   +6,641
If this doesn't convince people to stop buying Chinese brands I don't know what will. Remember, China is NOT a representative government and their military *trains* their business professionals to spy on foreigners. When you hire a Chinese national you are putting your trade secrets at risk, so think twice about saving a buck on H1B serfs.
 

commanderasus

Posts: 225   +99
We have obtained a picture of the server room
hillary-on-reddit-march-6-2016-1280x720.jpg
 

kapital98

Posts: 411   +375
False alarm based on an update in Tom's article.
Damn I did lost some time with this news.

It is fun to see people jump to immediate conclusions though. Glad Tom's updated their post (they should do a change of the title). Considering Techspot is simply reporting this: They need to update their title and publish an update as well.