November 07, 2017
“The right keyboard can make all the difference between a victory and a defeat in a video game battlefield.”
If you are a gamer, you can relate to the above quote.
But what if your winning weapon betrays you?
The popular 104-key Mantistek GK2 Mechanical Gaming Keyboard that costs around €49.66 has allegedly been caught silently recording everything you type on your keyboard and sending them to a server maintained by the Alibaba Group.
This built-in keylogger in Mantistek GK2 Mechanical Gaming Keyboard was noticed by a few owners who headed on to an online forum to share this issue.
According to Tom’s Hardware, MantisTek keyboards utilise ‘Cloud Driver’ software, maybe for collecting analytic information, but has been caught sending sensitive information to servers tied to Alibaba.
After analysing more closely, Tom’s Hardware team found that Mantistek keyboard does not include a full-fledged keylogger. Instead, it captures how many times a key has been pressed and sending this data back to online servers.
The affected users also provided a screenshot showing how all your plain-text keystrokes collected by the keyboard are being uploaded to a Chinese server located at IP address: 188.8.131.52.
However, even if there’s no malicious intent, capturing and uploading keystroke counts without users’ consent violates trust and puts systems’ security at risk by leaking sensitive information.