Jump on Amazon to perform a search for mechanical keyboards and the cheapest solutions you find are sold by manufacturers you likely don’t know. MantisTek is one of these lesser-known keyboard makers and is now under fire for allegedly tracking the typed keys of those who own its GK2 mechanical keyboard, aka keylogging. This alleged tracking is done through the included software, which sends information to a server maintained by the Alibaba Group.
Typically, the software can be used to customize the keyboard’s RGB illumination, lighting effects, and macro assignments. But a few owners are reporting that the software sends data to an IP address owned by Alibaba. A post stemming out of Asia provides a few more detailed bits, reporting that MantisTek’s “cloud driver” is the responsible component sending data to a specific address: 47.90.52.88.
If you enter that address in a browser, a Chinese login page appears along with a link to Browse Happy. The page translates to “Cloud mouse platform background management system,” and is maintained by Shenzhen Cytec Technology Co., Ltd., which may or may not be a rechargeable battery maker located in Shenzhen, China (Cytec doesn’t appear in a web search, but Cytac does).
According to the report, the keyboard’s software sends keypress statistics to two destinations at that IP address: “/cms/json/putkeyusedata.php” and “/cms/json/putuserevent.php.” An analysis shows that all information is crossing the internet in plain text, meaning it’s unencrypted and exposed to anyone snooping on your internet connection. That means hackers — in addition to MantisTek — can grab anything you type, including email addresses, bank account numbers, and login credentials.
The best defense against MantisTek’s alleged keystroke snooping is to not use the GK2’s included software. Based on the product information, you can adjust the illumination and lighting effects manually on the keyboard using a combination of keys. You can do the same when recording macros.
But if you wish for the software to remain installed, then block CMS.exe in your firewall to prevent the software from sending and receiving information over the internet. To do this in Windows 10, type “Windows Firewall” into Cortana’s search field on the taskbar and click on “Windows Defender Firewall with Advanced Security.” After that, add a new Inbound rule and a new Outbound rule for CMS.exe.
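The same two rules can be created from an elevated PowerShell prompt. This is an added example, not something from the original report or from MantisTek: the path to CMS.exe is a placeholder you must supply, the rule names are made up for illustration, and the extra rule for 47.90.52.88 goes one step beyond the article's instructions.

```powershell
#Requires -RunAsAdministrator
param(
    # Placeholder: full path to the vendor utility. The article names only
    # the file (CMS.exe), not where the installer puts it.
    [Parameter(Mandatory)]
    [string]$ProgramPath
)

if (-not (Test-Path -LiteralPath $ProgramPath -PathType Leaf)) {
    throw "File not found: $ProgramPath"
}
# Program rules match on the exact path, so store the resolved one.
$ProgramPath = (Resolve-Path -LiteralPath $ProgramPath).Path

$ruleNames = @()
foreach ($direction in 'Inbound', 'Outbound') {
    $name = "Block MantisTek CMS.exe ($direction)"   # illustrative rule name
    # Remove an earlier copy so re-running the script does not stack duplicates.
    Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
    New-NetFirewallRule -DisplayName $name -Direction $direction `
        -Program $ProgramPath -Action Block -Profile Any | Out-Null
    $ruleNames += $name
}

# Extra step (not in the article): block the reported server for every
# program, in case the utility is later reinstalled under a different path.
$ipRule = 'Block 47.90.52.88 (Outbound)'
Get-NetFirewallRule -DisplayName $ipRule -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule
New-NetFirewallRule -DisplayName $ipRule -Direction Outbound `
    -RemoteAddress '47.90.52.88' -Action Block -Profile Any | Out-Null
$ruleNames += $ipRule

# Verify: each rule should be enabled, set to Block, and bound as intended.
foreach ($name in $ruleNames) {
    $rule = Get-NetFirewallRule -DisplayName $name
    [pscustomobject]@{
        Rule      = $rule.DisplayName
        Direction = $rule.Direction
        Action    = $rule.Action
        Enabled   = $rule.Enabled
        Program   = ($rule | Get-NetFirewallApplicationFilter).Program
        Remote    = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    }
}
```

Because program rules are tied to one file path, run the script again with the new path if an update moves CMS.exe.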
Mechanical keyboards with virtually no security issues (that we know of) are typically manufactured by high-profile companies such as Razer, Corsair, Logitech, Roccat, Microsoft, Cooler Master, Thermaltake, and a few others. But even with these products, installing software should only be necessary if you want access to the keyboard’s core features. The less software you install, the happier your PC will be.
To be clear, Alibaba isn’t collecting information from owners of the MantisTek GK2 mechanical keyboard. The company provides cloud services, aka Alibaba Cloud, including an elastic compute service, a virtual private cloud, an analytic database, and anti-DDoS services. The “cloud driver” may be silently collecting information for analytic purposes rather than intentionally collecting sensitive information.
Still, keylogging is unacceptable no matter the root intention.