A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

Keylogger

A device or software that records keystrokes entered by a user, usually to secretly monitor and/or maliciously use this information

A keylogger is a tool that captures and records a user's keystrokes. It can record instant messages, email, passwords and any other information you type at any time using your keyboard. Keyloggers can be hardware or software.

One common example of keylogging hardware is a small, battery-sized device that connects between the keyboard and the computer. Since the device resembles an ordinary keyboard plug, it is relatively easy for someone who wants to monitor a user's behavior to physically hide such a device in plain sight. A simple hardware keylogger may look something like the picture below.

Hardware keylogger example

As the user types, the device collects each keystroke and saves it as text in its own miniature hard drive. At a later time, the person who installed the keylogger must return and physically remove the device in order to access the information it has gathered.

Another type of keylogging hardware is the wireless keyboard sniffer. Wireless keyboards have become very common for their convenience and long range of up to 100 meters. A hacker can design hardware to sniff data sent from a wireless keyboard to the receiver because the encryption can easily be cracked. Still another type is firmware-based. The firmware on the keyboard and your machine is used to handle keystroke events. The firmware can be hacked to record keystrokes as they are processed.

A software keylogger can be downloaded and installed as a program running in the background. Software keyloggers may also be embedded in spyware, allowing your information to be transmitted to an unknown third party over the Internet.

Several types of software-based keyloggers exist. With a core OS-based keylogger, the malicious software resides in the core of the operating system that you are running. Whenever you press a key, the core processes it, and a core OS-based keylogger can tap into this processing and log the input. A keylogger based on this approach can be embedded in the keyboard drivers or installed by hacking into them. These types of keyloggers are extremely powerful, as they are very difficult to detect at first and even more difficult to remove without harming the drivers and causing your computer to malfunction.

A hook-based keylogger takes advantage of an application that an operating system typically provides, to which legitimate applications can subscribe in order to read keystrokes. The hook-based keylogger hooks itself to this application and simply records the keystrokes.

There are also browser-based keyloggers, which are able to bypass HTTPS encryption. When you click a 'Submit' button on a webpage or click 'Send' on an email, text is transferred. These keyloggers record the text before it is passed over the Internet.

Protective Measures

Practices

  • Adhere to the basic cyber security best practices. A keylogger, like other spyware, has very different characteristics from a virus or worm. To most anti-virus software, keyloggers might appear to be normal programs. The best way to counter these keyloggers is to keep your operating system updated with security patches for known vulnerabilities. Also, review your web browser's security settings, and install at least one reputable anti-spyware program, such as Windows Defender. Finally, always avoid clicking unusual links that you receive either in an email or a message on a social networking site.
  • Monitor the programs running on your computer. If you are using Windows, this can be done by pressing Ctrl-Alt-Delete to go to the Task Manager. The Task Manager lists all the programs running on your machine.
  • Alternate between windows when entering sensitive information. Keyloggers can be fooled by alternating between other windows to type sensitive information, such as a user name and password. This way, login credentials are interspersed with other unrelated characters in the text recorded by the keylogger.
  • Consider keystroke interference software. This type of program deceives keyloggers by adding excessive noise, such as random keystrokes, to make it difficult for keyloggers to accurately capture text.
  • Use a virtual keyboard. To prevent keystrokes from being recorded, you could use a virtual keyboard that uses clicks for characters. On a Windows-based computer, such a virtual keyboard can be found in Start > Programs > Accessories > Accessibility > On screen keyboard. However, even these applications are not guaranteed to be secure, as some keyloggers are designed to take screen snapshots on every mouse click. To avoid falling prey to this, some virtual keyboards are designed to enter a character when the mouse hovers over a particular key. Many banks have started to provide virtual keyboards to increase security.

Tools

  • Anti-spyware software. Some examples are Spybot - S&D, Ad-Aware and Pest Patrol.
  • Firewall. Having a firewall can prevent transmission of the logged data over the Internet to a third party.
  • Automatic form filler programs. These programs fill in online forms without requiring typing, using previously stored information. An example of such software for Windows is FormAutoFiller and for MacOS is 1passwd.
  • Web-based keyboard. A web-based or virtual keyboard can bypass keystroke input on a standard keyboard, preventing keyloggers from recording the keyboard input.
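
The "Monitor the programs running on your computer" practice and the firewall point above can be combined into one review: which running programs are not validly signed or run from a user-writable folder, and which of them hold outbound connections. The script below is an added example, not part of the original resource; the choice of "user-writable" folders (the user profile and ProgramData) and the report columns are assumptions made for illustration.

```powershell
# Added example: triage view of running processes for manual review.
# Run in Windows PowerShell 5.1 or later; an elevated prompt can read more paths.

# Map process id -> remote endpoints of established, non-loopback TCP connections.
$remote = @{}
Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
    ForEach-Object {
        $remote[[int]$_.OwningProcess] += @("$($_.RemoteAddress):$($_.RemotePort)")
    }

# Cache signature results so each executable is checked once, not once per instance.
$sigCache = @{}

$report = Get-CimInstance Win32_Process | ForEach-Object {
    $path = $_.ExecutablePath
    if (-not $path) { return }   # no readable path (e.g. protected system processes)

    if (-not $sigCache.ContainsKey($path)) {
        $sigCache[$path] = (Get-AuthenticodeSignature -FilePath $path).Status
    }

    [pscustomobject]@{
        Name      = $_.Name
        PID       = $_.ProcessId
        Signature = $sigCache[$path]
        # Assumption for this example: these two roots count as user-writable.
        UserDir   = (($path -like "$env:USERPROFILE\*") -or ($path -like "$env:ProgramData\*"))
        Remote    = ($remote[[int]$_.ProcessId] -join ', ')
        Path      = $path
    }
}

# List only the entries worth a closer look: signature not valid,
# or executable located in a user-writable folder.
$report |
    Where-Object { $_.Signature -ne 'Valid' -or $_.UserDir } |
    Sort-Object Name |
    Format-Table -AutoSize -Wrap
```

A row in this report is a prompt to look up the program, not a verdict: legitimate software is often unsigned or installed under the user profile.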
