The 104 MantisTek GK2 mechanical gaming keyboard has been found recording all your keystrokes in plain text and sending them to an Alibaba server.
MantisTek GK2 mechanical gaming keyboard is a cheap china made RGB keyboard that cost just the half or less than that of keyboards from other good companies. However, these products will have poor security and privacy issues.
Multiple users have reported this in an online forum that without user consent the board keeps logs of everything you have input on the device and sends the information to an IP address tied to Alibaba server.
According to Tom’s Hardware “The main issue seems to be caused by the keyboard’s “Cloud Driver,” which sends information to IP addresses tied to Alibaba servers. Alibaba sells cloud services, so the data isn’t necessarily being sent to Alibaba, the company, but to someone else using an Alibaba server.”
In the below image you can see that all the keystrokes are recorded in plaintext and are sent to an IP address 18.104.22.168 located on a Chinese server.
When checked this IP address was directed to a Chinese login page which when translated says “Cloud mouse platform background management system” and maintained by a company called Shenzhen Cytec Technology Co Ltd.
How to prevent the MantisTek GK2 keyboard from sending your data?
The first method is making sure that MantisTek Cloud Driver software is not running in the background.
The second method is that you can stop data collection by blocking CMS.exe executable in your firewall by adding a new firewall rule for the MantisTek Cloud Driver in the Windows Defender Firewall With Advanced Security.
“These days, most products are made in China, but usually some other local company acts as an intermediary to ensure that the product is developed to specification and without other “features” that shouldn’t be there. However, this additional protection goes out of the window when people decide to purchase directly from Chinese manufacturers via Chinese marketplaces. Not all products are going to have privacy or security issues, but extra caution is warranted.” said in the post published by Tom’s Hardware.