
·
Waiting for 7nm EUV
Joined
·
11,527 Posts
Discussion Starter #1
Quote:
If you are the owner of a MantisTek GK2 mechanical keyboard, you may want to change your passwords. Users are reporting strange network connections being made by its accompanying software that point to an IP connected with Alibaba's cloud servers. A packet analysis shows that the data being sent to the Chinese server includes keys typed by the user.

This keyboard is extremely cheap and it looks like MantisTek is trying to offset the cost by selling its users' key press data. The physical keyboard itself is fine but the software package that comes with it is where the troubles lie.
Quote:
The "Cloud Driver" software regularly sends packets to an IP tied to servers controlled under Alibaba. The Chinese e-commerce giant sells cloud computing services just like Amazon and Google so it's likely that they are not using the data directly. This data is also being sent as plaintext nonetheless.
Source.

"Cloud driver" for a budget keyboard. What could possibly be wrong?
 

·
Banned
Joined
·
8,804 Posts
In the end, you get what you pay for. Or, more accurately, you end up paying for the hardware one way or the other, and companies aren't in the business of losing money.
 

·
Registered
Joined
·
754 Posts
Quote:
Originally Posted by ToTheSun! View Post

In the end, you get what you pay for. Or, more accurately, you end up paying for the hardware one way or the other, and companies aren't in the business of losing money.
That would make sense if they are sending keylog strings for login information and whatnot. But statistics? Who do you sell keystroke statistics to?
 

·
Registered
Joined
·
1,233 Posts
Is it possible something like this could be "baked in" the keyboard and not need additional software? Or it's safer letting Windows just handle the driver support?
 

·
Frog Blast The Vent Core
Joined
·
6,118 Posts
Quote:
Originally Posted by CDub07 View Post

Is it possible something like this could be "baked in" the keyboard and not need additional software? Or it's safer letting Windows just handle the driver support?
It is entirely possible. There have been incidents where various malicious actors have essentially written malware into the firmware of devices. Not much a consumer can do about it, but it is something worth being aware of.
 

·
I Love this Hobby!
Joined
·
7,822 Posts
What's with all the questions about ifs and buts?

Nothing incredulous here. All the companies are aligned with the alphabet soup agencies and provide your info with hardware/software backdoors. That is all. While they are selling the info, they also want to know the general sentiments since they are so few and we are many. Additionally, while we are many, many of us are just zombies attached to the physical things of this world without a notion of the spiritual war going on.
 

·
Registered
Joined
·
134 Posts
Quote:
Originally Posted by CDub07 View Post

Is it possible something like this could be "baked in" the keyboard and not need additional software? Or it's safer letting Windows just handle the driver support?
Keyboards themselves can be malicious and automatically send keystrokes to the system to download and install malware. In fact one notorious attack vector is releasing USB flash drives that are actually keyboard devices that do exactly that.
 

·
Banned
Joined
·
8,804 Posts
Quote:
Originally Posted by MrKoala View Post

Quote:
Originally Posted by ToTheSun! View Post

In the end, you get what you pay for. Or, more accurately, you end up paying for the hardware one way or the other, and companies aren't in the business of losing money.
That would make sense if they are sending keylog strings for login information and whatnot. But statistics? Who do you sell keystroke statistics to?
Ad companies. What you type on your browser and on general documents can be very revealing of a specific segment of the population.
 

·
Banned
Joined
·
2,893 Posts
Quote:
Originally Posted by CDub07 View Post

Is it possible something like this could be "baked in" the keyboard and not need additional software? Or it's safer letting Windows just handle the driver support?
Anything with a micro-processor or micro-controller is capable of doing this. I raised this very same concern in one of my threads.
 

·
Super Moderator
Joined
·
9,195 Posts
Quote:
Originally Posted by MrKoala View Post

That would make sense if they are sending keylog strings for login information and whatnot. But statistics? Who do you sell keystroke statistics to?
Random number generator. Humans are pretty good at randomness when it comes to, for instance, the timing between keystrokes. You might be in a rhythm but if you truncate the first few significant digits or something it's just numerical noise from a squishy, non-deterministic source.
 

·
Registered
Joined
·
754 Posts
Quote:
Originally Posted by CynicalUnicorn View Post

Random number generator. Humans are pretty good at randomness when it comes to, for instance, the timing between keystrokes. You might be in a rhythm but if you truncate the first few significant digits or something it's just numerical noise from a squishy, non-deterministic source.
And a simple local hardware RNG would do a way better job. Actually the timing of the packages arriving would do a better job than the content they send.
 

·
Iconoclast
Joined
·
30,630 Posts
Pretty low, but I can't imagine installing software for a keyboard and anything new running after just plugging in a USB device should be a major red flag.
Quote:
Originally Posted by sepiashimmer View Post

Anything with a micro-processor or micro-controller is capable of doing this. I raised this very same concern in one of my threads.
Not over PS/2!
 

·
ٴٴٴ╲⎝⧹˙͜>˙⧸⎠╱
Joined
·
6,456 Posts
Quote:
Updated November 8, 2017: The MantisTek debacle continues, with Tom's Hardware posting an update to their original article surrounding the potential keylogger. It seems that while the MantisTek's 'Cloud Driver' does indeed transfer information to mysterious servers, it contains no actual key press data.
 

·
- Insanity Beckons -
Joined
·
4,672 Posts
Quote:
Originally Posted by Blameless View Post

Pretty low, but I can't imagine installing software for a keyboard and anything new running after just plugging in a USB device should be a major red flag.
Quote:
Originally Posted by sepiashimmer View Post

Anything with a micro-processor or micro-controller is capable of doing this. I raised this very same concern in one of my threads.
Not over PS/2!
NEVER, when using any older Model-M or Model-F keyboards.

Just goes to show, keep all the older keyboards because it will be far safer as the future arrives, with more of these keyloggers.
 

·
Registered
Joined
·
176 Posts
Quote:
Originally Posted by Elrick View Post

NEVER, when using any older Model-M or Model-F keyboards.

Just goes to show, keep all the older keyboards because it will be far safer as the future arrives, with more of these keyloggers.
I still have my PS2 IBM keyboard, it's my homage to IBM Big Blue...
 

·
Registered
Joined
·
176 Posts
Quote:
Originally Posted by Gunderman456 View Post

What's with all the questions about ifs and buts?

Nothing incredulous here. All the companies are aligned with the alphabet soup agencies and provide your info with hardware/software backdoors. That is all. While they are selling the info, they also want to know the general sentiments since they are so few and we are many. Additionally, while we are many, many of us are just zombies attached to the physical things of this world without a notion of the spiritual war going on.
It's the industrial complex; pretty much all leaders, governments and politicians are looking out for their interests rather than the interests of the people they serve. They have forgotten that they are public servants.
 

·
Testing...
Joined
·
3,246 Posts
Not a good week for cloud devices.
 