Multiple online user reports claim that the MantisTek GK2 mechanical keyboard’s configuration software is sending data to an Alibaba server. One of the reports even includes an analysis of the software’s traffic, which seems to include typed keys.
The MantisTek GK2 is a cheap RGB mechanical keyboard from China that costs half as much (or less) as the mechanical keyboards from better known companies. Multiple gadgets that come from China seem to have either poor security or privacy issues caused by collecting user data without consumers’ explicit permission. The MantisTek GK2 seems to be one of those products.
The main issue seems to be caused by the keyboard’s “Cloud Driver,” which sends information to IP addresses tied to Alibaba servers. Alibaba sells cloud services, so the data isn’t necessarily being sent to Alibaba, the company, but to someone else using an Alibaba server.
The data being sent—in plaintext, no less—has been identified as key presses. This should worry people who bought this keyboard, because that could include email addresses, logins, and even passwords they may have typed at one point or another.
How To Stop The Keylogger
The first way to stop the keyboard from sending your key presses to the Alibaba server is to ensure the MantisTek Cloud Driver software isn’t running in the background.
The second method to stop the data collection is to block the CMS.exe executable in your firewall. You could do this by adding a new firewall rule for the MantisTek Cloud Driver in the “Windows Defender Firewall With Advanced Security.”
If you want a one-click method, you can also download the free GlassWire network monitoring tool. GlassWire will show you all the apps making connections to the internet in the “Alerts” tab and let you block those connections in the “Firewall” tab. It can also be used for other types of connections, such as all the connections Windows 10 makes to Microsoft’s servers even when you have most or all data tracking disabled.
These days, most products are made in China, but usually some other local company acts as an intermediary to ensure that the product is developed to specification and without other “features” that shouldn’t be there. However, this additional protection goes out of the window when people decide to purchase directly from Chinese manufacturers via Chinese marketplaces. Not all products are going to have privacy or security issues, but extra caution is warranted.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.