Mechanical keyboard maker accused of keylogging as customers examine software

keylogging
Jump on Amazon to perform a search for mechanical keyboards and the cheapest solutions you find are sold by manufacturers you likely don’t know. MantisTek is one of these lesser-known keyboard makers and is now under fire for allegedly tracking the typed keys of those who own its GK2 mechanical keyboard, aka keylogging. This alleged tracking is done through the included software, which sends information to a server maintained by the Alibaba Group.

Typically, the software can be used to customize the keyboard’s RGB illumination, lighting effects, and macro assignments. But a few owners are reporting that the software sends data to an IP address owned by Alibaba. A post stemming out of Asia provides a few more detailed bits, reporting that MantisTek’s “cloud driver” is the responsible component sending data to a specific address: 47.90.52.88.

If you enter that address in a browser, a Chinese login page appears along with a link to Browse Happy. The page translates to “Cloud mouse platform background management system,” and is maintained by Shenzhen Cytec Technology Co., Ltd., which may or may not be a rechargeable battery maker located in Shenzhen, China (Cytec doesn’t appear in a web search, but Cytac does).

According to the report, the keyboard’s software sends keypress statistics to two destinations at that IP address: “/cms/json/putkeyusedata.php” and “/cms/json/putuserevent.php.” An analysis shows that all information is crossing the internet in plain text, meaning its unencrypted and exposed to anyone snooping on your internet connection. That means hackers — in addition to MantisTek — can grab anything you type, including email addresses, bank account numbers, and login credentials.

The best defense against MantisTek’s alleged keystroke snooping is to not use the GK2’s included software. Based on the product information, you can adjust the illumination and lighting effects manually on the keyboard using a combination of keys. You can do the same when recording macros.

But if you wish for the software to remain installed, then block CMS.exe in your firewall to prevent the software from sending and receiving information over the internet. To do this in Windows 10, type “Windows Firewall” into Cortana’s search field on the taskbar, click on “Windows Defender Firewall with Advanced Security.” After that, add a new Inbound and Outbound rule for CMS.exe.

Mechanical keyboards with virtually no security issues (that we know of) are typically manufactured by high-profile companies such as Razer, Corsair, Logitech, Roccat, Microsoft, Cooler Master, Thermaltake, and a few others. But even with these products, installing software should only be necessary if you want access to the keyboard’s core features. The less software you install, the happier your PC will be.

To be clear, Alibaba isn’t collecting information from owners of the MantisTek GK2 mechanical keyboard. The company provides cloud services, aka Alibaba Cloud, including an elastic compute service, a virtual private cloud, an analytic database, and anti-DDOS services. The “cloud driver” may be silently collecting information for analytic purposes rather than intentionally collecting sensitive information

Still, keylogging is unacceptable no matter the root intention.

Mobile

HMD Global is moving all Nokia user data to Finland to better protect it

HMD Global announced that in an effort to protect user data, it will be moving installation data and performance data to a Google Cloud data center in Hamina, Finland. According to Nokia, the move will allow it to better leverage data…
Mobile

Need a do-over? Here's how to factory reset an iPhone, from XS on down

Resetting an iPhone can alleviate all sorts of software woes, and wipe away personal data should you sell your device or give it to someone else. Here's how to factory reset an iPhone from within iOS or iTunes.
Emerging Tech

Your smartphone could be the key to predicting natural disasters

A challenge for atmospheric scientists is gathering enough data to understand the complex, planet-wide weather system. Now a scientist has come up with a clever idea to gather more data using smartphones and Internet of Things devices.
Home Theater

Netflix can drain your data in a hurry. Here's how to turn it down a notch

Ever wondered how much data you need to stream a show (or movie) on Netflix? You aren't alone. The answer could be anywhere from 1GB per hour to 7GB per hour, but there's more to it than that. Here's how to control your Netflix data.
Deals

Dell sale drops up to $895 off Alienware and XPS 13 laptops for grads

If you’re sniffing around for a new PC and are hunting for a deal, Dell has a couple of its best offerings – the mighty Alienware 17 gaming laptop and the super-sleek Dell XPS 13 ultrabook – on sale right now at pretty solid…
Computing

The best webcams you can buy are mostly made by Logitech

Webcams are a bundled feature in most laptops, but if yours doesn't have one or you're video conferencing on a desktop, you might need a standalone webcam. These are the best webcams you can buy.
Computing

Forget Facebook: These are the 5 weirdest cryptocurrencies you can buy today

Though cryptocurrency may sound like a big and serious topic, a few of its implementations are actually fun. From Shiba Inus to feline coins and everything in between, we've rounded up the most eccentric digital coins.
Deals

Amazon deal cuts prices on the latest 11-inch Apple iPad Pro tablets

The Apple iPad Pro has been among our favorite tablets since its initial release in 2018. While Amazon and Samsung offer powerful products, no tablet can touch the iPad Pro's power and productivity. Score yours now on Amazon for just $699.
Computing

Time for a desk upgrade! These great stands will elevate and protect your laptop

The best laptop stands keep your laptop cool and elevated to a position where it's most comfortable to work. Stands come in many different designs with a number of added features, so here are our favorites.
Computing

PCI Express 6.0 is coming in 2021, and it’s already overkill

The PCI Special Interests Group began laying out the specifications for its next, next-generation motherboard socket: PCI Express 6.0. It will double bandwidth again and offer some clever efficiency-boosting technologies.
Cars

Volkswagen says no thanks to outsiders as it develops its own operating system

Volkswagen is taking software development into its own hands instead of joining forces with tech companies. It's assembling a team of more than 5,000 engineers to design an operating system that will equip in all of its cars by 2025.
Computing

Dive into the best VR experiences available now on the Oculus Rift

The Oculus Rift brought back virtual reality and put a modern twist on it. Grab your Touch Controllers, put on your VR headset, and jump into the fun with some of the best Oculus Rift games available now.
Gaming

Take a trip to a new virtual world with one of these awesome HTC Vive games

So you’re considering an HTC Vive, but don't know which games to get? Our list of 29 of the best HTC Vive games will help you out, whether you're into rhythm-based gaming, interstellar dogfights, or something else entirely.
Computing

What is Libra? Here’s what you need to know about Facebook’s new cryptocurrency

Facebook released a white paper announcing its new cryptocurrency, Libra, which it intends as a way to enable more people around the world to process online payments. Here's how the new blockchain technology works.