Submitted by grawlings on Wed, 11/08/2017 - 10:11
Chinese mechanical keyboard manufacturer MantisTek has been caught in the middle of a controversy in which it is being blamed for spying on users through a built-in keylogger in its GK2 model and sending the data to a server apparently hosted on Alibaba Cloud.
The communication happens over HTTP, not HTTPS, which means the user data is sent completely unencrypted and contains data collected from every keystroke a user presses. This means the company has access to everything the user types, but what’s important is that it also opens the door for other malicious actors, who can access the unencrypted traffic and steal the data or spy on a targeted user.