Hello, welcome to the Thursday, November 9th, 2017 edition of the Sands and a Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Miami, Florida.

Software extensions to keyboards on mobile devices have long been known to exfiltrate data.

Many of these software keyboards have legitimate reasons to do so, like for example for

auto-completion algorithms or for spell checkers and like that run as a cloud service, so

keystrokes need to be exfiltrated in order to actually provide these services.

But of course this feature can easily be abused in particular if a company loses control over

these cloud services or of course if a keyboard is created by a malicious entity.

Mechanical keyboards have so far not used features like this until now.

Recently, users of the Mantis Tech, 104 key mechanical gaming keyboard, found that their key

strokes are being exfiltrated to a web service in China.

Keyboards typically do not have network connectivity,

but in this case, the special driver used by the keyboard

is used to exfiltrate the data.

This cloud driver, as it is referred to,

is collecting performance data

and passing it to the manufacturer of the keyboard.

Of course, this performance data includes actual keystrokes, or at least it can include them from the data I have seen.

However, it isn't clear if the actual keystrokes are being exfiltrated or if it's really only

the number of keys that are being pressed but either way confidential data is leaked and of course

this cloud driver could easily exfiltrate additional key data and definitely could exfiltrate keystrokes.

The report I will link to in the show notes includes the IP address and additional details

...