Corsair says bug, not keylogger, behind some K100 keyboards’ creepy behavior

  News
image_pdfimage_print
Man's hand using rgb keyboard while live streaming

Keylogger-like behavior has some Corsair K100 keyboard customers concerned. Several users have reported their peripheral randomly entering text into their computer that they previously typed days or weeks ago. However, Corsair told Ars Technica that the behavior is a bug, not keylogging, and it’s possibly related to the keyboard’s macro recording feature.

A reader tipped us off to an ongoing thread on Corsair’s support forum that a user started in August. The user claimed that their K100 started typing on its own while they use it with a MacBook Pro, gaming computer, and KVM switch.

“Every couple of days, the keyboard has started randomly typing on its own while I am working on the MacBook. It usually seems to type messages that I previously typed on the gaming PC and it won’t stop until I unplug the keyboard and plug it back in,” the user, “brendenguy,” wrote.

Corsair's K100 keyboard.
Enlarge / Corsair’s K100 keyboard.

Ten users seemingly responded to the thread (we can’t verify the validity of each claim or account, but Corsair confirmed this is a known issue), reporting similar experiences.

One said their keyboard started entering a “specific line from a very sensitive email” while interacting with consumer data with their PC in Safe Mode. One user noted that they don’t use Corsair’s iCue software for programming peripherals but had a similar experience. Another said their K100 typed out more than 100 letters against their will, and factory resets and clearing the keyboard’s memory didn’t resolve the issue. There are also some threads on the Linus Tech Tips forum with people claiming the same problem. Some customers said they feared they were hacked at the time, while a few accused Corsair of stealthy keylogging.

Corsair confirmed to Ars that it’s received “several” reports of the K100 acting like this but affirmed that “there’s no hardware function on the keyboard that operates as a key logger.” The company didn’t immediately respond to follow-up questions about how many keyboards were affected.

“Corsair keyboards unequivocally do not log user input in any way and do not have the ability to log individual keystrokes,” Corsair’s rep told Ars Technica.

They also insisted that the issue isn’t widespread, with just a “small number” of complaints from “tens of thousands” of K100 sales.

The company is investigating what’s causing the issue but believes it could be related to the keyboard’s ability to record macros. Some, but not all users, saw the issue resolved with a recent firmware update Corsair issued, according to Corsair and one person on Corsair’s forum (although they claimed to have different issues after performing the update).

 “The macro function could be inadvertently switching on and recording keyboard, and potentially mouse, inputs. These macros are then being triggered and reproducing inputs at a later time and misinterpreted as keylogging. We’re still investigating the precise nature of the issue with our customers.,” Corsair’s spokesperson said. 

One user on Corsair’s forum said that when their K100 inadvertently entered text they typed days ago, the input included the same backspaces and pauses they recalled making when originally typing the content, which sounds like a macro function. Corsair’s K100 allows macro recording with or without its proprietary software.

This also isn’t a unique problem. We found years-old discussions on Reddit that reported similar behavior with Logitech keyboards, and some concluded that accidental macro recording was the culprit.

Still, we don’t blame users for being cautious. After all, we all know how inconspicuous keylogging tech can be. We’ve seen keyloggers covertly lurking in everything from laptop touchpad and audio drivers to corporate laptops and networks and computer accessories, like keyboards and cables.

Even if there is no malicious activity, any erratic behavior from a peripheral as advanced and expensive the K100 is frustrating. Corsair is one of the most well-known gaming peripheral brands, and the K100 is one of its most expensive keyboards. With a $200 MSRP, the K100 has some of the flashiest features, including the debut of Corsair’s Axon system-on-chip enabling an 8,000 Hz polling rate, optical mechanical switches, a bank of macro keys, and a programmable dial. We haven’t seen any reports of similar issues with the Corsair K100 Air or other keyboards from the brand.

Any affected customers should contact Corsair’s support group, Corsair’s rep said. They also said that affected users could reset the K100 by unplugging the keyboard and then holding down Esc for five seconds while plugging it in.

In response to anyone still being concerned about the Corsair keyboard’s security, the company’s spokesperson said: “Corsair takes customer data privacy very seriously, and even if a single user is impacted, we’ll quickly work to resolve the issue.” We asked Corsair it would offer refunds for the K100 and will update this piece if we hear back.

Corsair’s K100 came out in October 2020 and has a two-year warranty.

https://arstechnica.com/?p=1905144