Keylogger-like behavior is a concern for some Corsair K100 keyboard customers. Several users have reported that their peripherals randomly enter text into their computer that they previously typed days or weeks ago. However, Corsair told Ars Technica that the behavior is a bug, not keylogging, and may be related to the keyboard’s macro recording feature.
A reader tipped us off about an ongoing thread on Corsair’s support forum that a user started in August. The user claimed that their K100 started typing on its own while using it with a MacBook Pro, gaming console and KVM switch.
“Every few days the keyboard would randomly start typing on its own while I was working on the MacBook. It usually seems to type messages I’ve typed before on the gaming PC and it won’t stop until I unplug and plug in the keyboard put it back in,” the user wrote, “brendenguy.”
Ten users seemingly responded to the thread (we can’t verify the validity of every claim or account, but Corsair confirmed this is a known issue), reporting similar experiences.
One said their keyboard started entering a “specific line from a highly sensitive email” while interacting with consumer data with their PC in safe mode. One user commented that they don’t use Corsair’s iCue software for peripheral programming, but had a similar experience. Another said their K100 was typing more than 100 letters against their will, and restoring factory settings and clearing the keyboard’s memory didn’t fix the problem. There are also some threads on the Linus Tech Tips forum with people claiming the same problem. Some customers said they feared they had been hacked at the time, while a few accused Corsair of covert keylogging.
Corsair confirmed to Ars that it has received “multiple” reports of the K100 behaving this way, but confirmed that “there is no hardware function on the keyboard that acts as a keylogger.” The company did not immediately respond to follow-up questions about the number of affected keyboards.
“Corsair keyboards do not log user input in any way and do not have the ability to log individual keystrokes,” Corsair’s representative told Ars Technica.
They also stressed that the problem is not widespread, with only a “small number” of complaints from “tens of thousands” of K100 sales.
The company is investigating the source of the problem, but believes it may be related to the keyboard’s ability to record macros. Some, but not all, users saw the issue resolved with a recent firmware update Corsair released, according to Corsair and a person on the Corsair forum (although they claimed to have other issues after running the update).
“The macro feature may inadvertently enable and record keyboard and possibly mouse input. These macros are then triggered and reproduce input at a later time and misinterpreted as keylogging. We are still investigating the exact nature of the issue with our customers,” said the Corsair spokesperson.
A user on the Corsair forum said that when their K100 accidentally entered text they typed days ago, the input contained the same backspaces and pauses they remembered when they originally typed the content, which sounds like a macro function. Corsair’s K100 enables macro shooting with or without proprietary software.
This is also not a unique problem. We found years of threads on Reddit reporting similar behavior with Logitech keyboards, with some concluding that accidental macro capture was the culprit.
Still, we don’t blame users for being careful. After all, we all know how stealthy keylogging technology can be. We’ve seen keyloggers surreptitiously lurking in everything from laptop touchpad and audio drivers to business laptops and networks and computer accessories, such as keyboards and cables.
Even in the absence of malicious activity, any erratic behavior from a peripheral as sophisticated and expensive as the K100 is frustrating. Corsair is one of the best-known gaming peripheral brands, and the K100 is one of the most expensive keyboards. With an MSRP of $200, the K100 has some of the flashiest features, including the debut of Corsair’s Axon system-on-chip that enables a polling rate of 8,000 Hz, optical mechanical switches, a series of macro keys, and a programmable dial . We haven’t seen any reports of similar issues with the Corsair K100 Air or any of the brand’s keyboards.
All affected customers should contact Corsair’s support group, Corsair’s representative said. They also said affected users could reset the K100 by unplugging the keyboard and then holding down Esc for five seconds while plugging it in.
In response to anyone still concerned about the security of the Corsair keyboard, the company’s spokesperson said, “Corsair takes customer data privacy very seriously, and even if a single user is affected, we will work quickly to solve the problem.” We’ve asked Corsair to offer refunds for the K100 and will update this piece if we hear back.
Corsair’s K100 came out in October 2020 and has a two-year warranty.
