A Chinese mechanical keyboard manufacturer MantisTek has been caught in the middle of a controversy in which it’s being blamed for spying on users through built-in keylogger in its GK2 model and sending the data to a server apparently hosted on Alibaba Cloud server.
The communication is happening over HTTP, not HTTPS which means the user data is being sent in completely unencrypted format and contains data collected through every keystroke a user presses. This means the company has access to everything user types but what’s important is that it also opens the door for other malicious actors who can access the unencrypted traffic and steal the data or spy on a targeted user.
This was revealed by a user RebeccaBlackTech forum (followed by a Reddit post) who noted that “MantisTek’s Cloud Driver” is responsible for sending the data to an IP address 188.8.131.52 linked to Alibaba.com LLC and stores it in /cms/json/putkeyusedata.php and /cms/json/putuserevent.php.
The IP address 184.108.40.206 opens a login page in the Chinese language which when translated through Google Translator revealed this text: “Cloud mouse platform background management system wrong username or password username: Password: Remember the password Login Forgot password ^ _ ^? Is the display not good? We recommend using a browser that supports HTML5 technology. © 2015 Shenzhen Cytec Technology Co., Ltd.”
Remember, the data that is being sent to Alibaba’s server includes everything that you type on your keyboard such as login credentials including email and password, your conversation between friends and family, your financial data such as credit card number, its CVV code and anything related to it, the website you visit, your entire browsing history, web searches and anything else that needs a keyboard since it’s a built-in keylogger.
“You can just add a block rule in Windows Firewall and it’s enough to stop all connections attempts to Alibaba servers,” said Thepunish_br on Reddit.
If you are using MantisTek’s GK2 model, there are chances that your data is being stolen and your online activity is being spied on. At the time of publishing this article, there was no official comment from MantisTek.