The Mantistek GK2 Mechanical Gaming Keyboard is a popular 104-key accessory and costs costs around €49.66 which won’t break the bank however this keyboard has allegedly been caught silently recording everything you type on your keyboard and sending them to a server maintained by an Alibaba Group.
Products from Amazon.co.uk
Price: £13.99Was: £19.99
Price: £24.99Was: £30.99
Users have taken to an online forum to discuss the issue, one user writes,
GK2 owner here. everytime you open the “MANTISTEK Cloud Driver” it sends information to 188.8.131.52 which is tied to Alibaba.com LLC. when you open the page in browser it shows login page with moonrunes that translate to “Cloud mouse platform background management system”.
Apparently it sends information about key presses statistics:
So the microphone (or rather the sound sensor) isn’t recording you 24/7. Honestly I don’t really know what the fuck am I doing, I don’t have much experience with packet analysis. There are some values marked as “eid”, “av”, “hid” and I have no idea what they mean, they aren’t the same as keyboard’s device ID or anything. If there’s someone more experienced than me I’ll be happy to give you .cap file so you can check it out yourself.
Nonetheless all it takes is to add a rule in firewall to block all outgoing connections CMS.exe. The software still works and other than changing the backlight colour it’s not really needed.
As for keyboard itself I’m still having problems with left side of my spacebar rattling, which I think is a problem with a stabilizer (video: https://www.youtube.com/watch?v=NheWR1HiHjo). If someone knows how to fix it I’d be grateful.
Overall the backlight is really nice, but I’m not impressed with the keyboard itself. I feel like I should pick brown/black switches instead of red and I got memed into them because people said they’re for gaymers. It also doesn’t feel much.
Whilst it is recommended to avoid using this keyboard until an official statement is made by the company for those who still need to use it make sure the MantisTek Cloud Driver software is not running in the background, and block the CMS.exe executable in your firewall. You can view all the current posts by users here.