This keyboard isn't logging keystrokes but does sends key press data to the cloud

News
By Paul Lilly
published

Sketchy behavior.

PC peripheral maker MantisTek is getting raked over the coals for what was initially reported as an embedded keylogger in its G2K mechanical keyboard. What's happening is less sinister, but is still drawing criticism.

A user on the RBT Asia forums noticed that his GK2 was sending data packets to an Alibaba.com server. At first glance, it appeared the keyboard's cloud driver was acting as a keylogger. But upon closer examination it was later discovered that only key presses were being sent—that is, the number of times each key is mashed, as opposed to capturing exactly what it is a user is typing.

The story gained steam when it was posted to Reddit.

"So apparently the software of the MantisTek GK2 is sending all our key presses to an Alibaba.com server! This is sick, imagine the level of information they have about passwords and logins," a Reddit user wrote.

While the data is sent in plain text, it does not appear to contain information about specific keys, so it would not be possible to decipher sensitive text, such as passwords. However, it is not clear why MantisTek is collecting key press data in the first place.

One theory is that MantisTek simply wants to monitor the durability of its keyboards by examining the failure rate in relation to key presses. The company hasn't commented, so it's anyone's guess right now.

Whatever the reason, sending plain text data about key presses to the cloud is a bit unsettling. Even though the behavior might be relatively benign at the moment, true keylogging could be a simple driver update away. It would have been different if MantisTek was up front about this, but as it stands, the GK2 sends key press data without informing the user or gaining consent.

For those affected, there are some workarounds. The easiest is to make sure the cloud driver software is running in the background. Another way to prevent the data collection is to configured your firewall to block the CMS.exe executable. This can be done by adding a new firewall rule for the cloud driver in the "Windows Defender Firewall With Advanced Security."

Paul Lilly
Paul Lilly

Paul has been playing PC games and raking his knuckles on computer hardware since the Commodore 64. He does not have any tattoos, but thinks it would be cool to get one that reads LOAD"*",8,1. In his off time, he rides motorcycles and wrestles alligators (only one of those is true).

See comments