Key Presses recorded by MantisTek GK2 sent to an Alibaba Cloud Server
This case with the MantisTek keyboards should be an eye-opener for a lot of people. Cheap mechanical keyboards are on the rise. They might not be Cherry MX based, but they do give the mechanical actuation that a lot of people love. I have even reviewed keyboards such as the Motospeed CK108 and the Havit LP switch based keyboards.
Here’s some news that should warn you against choosing any keyboard on blind faith.
Many users of the MantisTek GK2 RGB mechanical keyboard have complained about its driver collecting their key presses. One of the users showed that its driver, called ‘Cloud Driver’, has an embedded keylogger that transmits every key press to an Alibaba cloud server.
This isn’t the first Chinese product with a network security concern. But seeing it on a keyboard hits close to home for PC enthusiasts of any type. Naturally, the consequences of this are serious. Key presses include login and password credentials for anything, from signing in to a website to your bank account. As per the screen capture, these key presses are recorded and sent to a private server. In any case, you will ask: why does a keyboard driver need to record key presses and transmit them to a cloud server?
Companies like Alibaba and Google sell cloud services. The people behind the MantisTek GK2 keyboard have purchased Alibaba’s cloud computing services. According to the finding by one of the users, the data was transmitted to a server at the IP address 18.104.22.168.
This IP address leads to an admin login page with the title “Cloud mouse platform background management system”. The copyright tag at the bottom of the page leads to a company called Shenzhen Semitek Co. LTD. As you can see from its website, it makes keyboards and mice. Semitek most likely owns the gaming brand MantisTek.
What should you do?
The wise course of action for such users would be to block such drivers via the firewall. This also applies to any cheap keyboard, even one from a domestic brand, as such brands usually make a bulk purchase and simply slap their name on it. When you open your firewall, check for anything that matches the description of your keyboard or its model (or any program using an internet connection that does not match anything you use on your PC). If you find one, block it and uninstall the driver.
I’ve checked keyboards from Motospeed and Havit, which do not have this issue. Naturally, not all companies or products from China follow the same business model, but keep an eye out for any suspicious activity via a firewall’s monitoring tool.
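The firewall check and block described above can be scripted on Windows. This is an added example, not code from the original article or from any vendor; the keyword list is an assumption to adapt to your own hardware, and the IP address is the one quoted above.

```powershell
# Added example: list programs with live outbound connections that look like
# keyboard/mouse utilities, and optionally block them in Windows Firewall.
# Run with -Block from an elevated session to create the firewall rules.
param(
    [string[]]$Keywords   = @('MantisTek', 'Cloud Driver', 'keyboard'),  # assumed patterns
    [string]  $ReportedIp = '18.104.22.168',                             # address quoted in the article
    [switch]  $Block
)

# Map every established TCP connection to the executable that owns it.
$findings = foreach ($conn in Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue) {
    $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
    if (-not $proc) { continue }   # process exited between the two calls

    # Path and Description can be empty for protected processes; that is fine here.
    $text    = "$($proc.ProcessName) $($proc.Path) $($proc.Description)"
    $hit     = $Keywords | Where-Object { $text -like "*$_*" }
    $ipMatch = $conn.RemoteAddress -eq $ReportedIp

    if ($hit -or $ipMatch) {
        [pscustomobject]@{
            Process = $proc.ProcessName
            Path    = $proc.Path
            Remote  = "$($conn.RemoteAddress):$($conn.RemotePort)"
            Reason  = if ($ipMatch) { 'reported IP' } else { "keyword: $($hit -join ', ')" }
        }
    }
}

# Review the matches before blocking anything; keyword hits can be benign.
$findings | Sort-Object Path, Remote -Unique | Format-Table -AutoSize

# One outbound block rule per matching executable.
if ($Block) {
    $paths = $findings.Path | Where-Object { $_ } | Sort-Object -Unique
    foreach ($path in $paths) {
        $rule = @{
            DisplayName = "Block outbound: $(Split-Path $path -Leaf)"
            Direction   = 'Outbound'
            Program     = $path
            Action      = 'Block'
        }
        New-NetFirewallRule @rule | Out-Null
    }
}
```

A program that only connects occasionally will not appear in a single snapshot, so run the listing several times while typing before deciding that a driver is quiet.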
Problems with domestic brands
The issue with domestic brands in India is something to admire sarcastically. They shy away from admitting, and even deny, outsourcing the end product from an unknown OEM. Product A from domestic brand A could be from OEM A, while the same brand may have another product next to it made by OEM B. This ranges from flash drives, RAM, keyboards, mice and headsets to a lot more. They even get overclockers, YouTubers, gamers and cosplayers to endorse them, masquerading as reviewers.
Mostly, I don’t review products from such brands (with the exception of a couple of them in the distant past) because they’re always in denial, and there is also a risk of bait-and-switching of OEMs with existing models or sub-branding. Once upon a time, a young manchild gave me a call to greet me with futile attempts at cute arguments and denial, and started fumbling when I asked about the OEM. For us, it matters because if they deny the OEM’s identity, the involvement of the OEM’s intent will be denied. Rebranding and relabelling is not necessarily a bad thing, but whom they source the end product from is important.
— Hardware BBQ (@HardwareBBQ) November 7, 2017