MantisTek GK2's Keylogger Is a Warning Against Cheap Gadgets

My first thought is, why does a keyboard even need its own software? There&#x27;s a reason PS&#x2F;2 and USB HID are standards...<p>I remember purchasing an HP printer a while ago --- it came with a CD full of useless crap, including drivers that took a full 400MB installer containing, among other things, a JVM, Apache Tomcat, and a bunch of other Java-based bloat for the &quot;management UI&quot;. I just used the OS generic HP&#x2F;PCL driver and it&#x27;s been working that way since. I have heard that even those drivers phone home now, to report how many pages were printed and ink levels etc.<p>Telemetry --- it&#x27;s in everything now, and this greatly disgusts me. No doubt it&#x27;s probably buried somewhere deep in the EULA for this keyboard&#x27;s software, that you agreed to the collection of &quot;aggregate key usage information&quot; or similar. Read the Windows 10 EULA for some similarly creepy wording.<p>Also, if you&#x27;re paranoid about USB keyboards containing other &quot;hidden devices&quot;, a USB-PS&#x2F;2 adapter would probably work to stop anything else from getting through.

&gt; These days, most products are made in China, but usually some other local company acts as an intermediary to ensure that the product is developed to specification and without other &quot;features&quot; that shouldn&#x27;t be there. However, this additional protection goes out of the window when people decide to purchase directly from Chinese manufacturers via Chinese marketplaces.<p>Come on, it&#x27;s not like American manufacturers are a paragon of user privacy, was this jingoistic jab necessary?<p>&quot;Obscure manufacturer screws up&quot; doesn&#x27;t imply &quot;Chinese engineers are completely worthless&quot;.

Not exactly just against cheap gadgets - remember the Connexant keylogger from earlier this year? It seems to be a common thing for driver developers to log keypresses for development purposes yet fail to disable that functionality in release... easiest fix? Don&#x27;t install closed source drivers for 3rd party hardware.<p><a href="https:&#x2F;&#x2F;www.modzero.ch&#x2F;advisories&#x2F;MZ-17-01-Conexant-Keylogger.txt" rel="nofollow">https:&#x2F;&#x2F;www.modzero.ch&#x2F;advisories&#x2F;MZ-17-01-Conexant-Keylogge...</a>

Warning against cheap keyloggers: Get expensive high quality keyloggers from Microsoft, Google etc.

In plaintext, this is the donald trump of malware.

Read the original posts and saw the package capture screenshot. It seems like it sends stats on how many keypresses there are on a key-by-key basis, not an actual keylogger (ie it doesn&#x27;t send the content of what you sent).<p>It sends this in cleartext over http, not https. Again, not the content of what you type, so your url+user&#x2F;pw is not sent (at least not according to what is known now).