Hardware keylogger

Last updated
A Hardware keylogger for USB-Keyboards USB Hardware Keylogger.jpg
A Hardware keylogger for USB-Keyboards

Hardware keyloggers are used for keystroke logging, a method of capturing and recording computer users' keystrokes, including sensitive passwords. [1] They can be implemented via BIOS-level firmware, or alternatively, via a device plugged inline between a computer keyboard and a computer. They log all keyboard activity to their internal memory.

Contents

Description

Hardware keyloggers have an advantage over software keyloggers as they can begin logging from the moment a computer is turned on (and are therefore able to intercept passwords for the BIOS or disk encryption software).

All hardware keylogger devices have to have the following:

Generally, recorded data is retrieved by typing a special password into a computer text editor. The hardware keylogger plugged in between the keyboard and computer detects that the password has been typed and then presents the computer with "typed" data to produce a menu. Beyond text menu some keyloggers offer a high-speed download to speed up retrieval of stored data; this can be via USB mass-storage enumeration or with a USB or serial download adapter.

Typically the memory capacity of a hardware keylogger may range from a few kilobytes to several gigabytes, with each keystroke recorded typically consuming a byte of memory.

Types of hardware keyloggers

A connected hardware-based keylogger. Usb-logger.jpg
A connected hardware-based keylogger.
  1. A regular hardware keylogger is used for keystroke logging by means of a hardware circuit that is attached somewhere in between the computer keyboard and the computer. It logs all keyboard activity to its internal memory which can be accessed by typing in a series of pre-defined characters. A hardware keylogger has an advantage over a software solution; because it is not dependent on the computer's operating system it will not interfere with any program running on the target machine and hence cannot be detected by any software. They are typically designed to have an innocuous appearance that blends in with the rest of the cabling or hardware, such as appearing to be an EMC Balun. They can also be installed inside a keyboard itself (as a circuit attachment or modification), or the keyboard could be manufactured with this "feature". They are designed to work with legacy PS/2 keyboards, or more recently, with USB keyboards. Some variants, known as wireless hardware keyloggers, have the ability to be controlled and monitored remotely by means of a wireless communication standard.[ citation needed ]
  2. Wireless keylogger sniffers - Collect packets of data being transferred from a wireless keyboard and its receiver and then attempt to crack the encryption key being used to secure wireless communications between the two devices.
  3. Firmware - A computer's BIOS, which is typically responsible for handling keyboard events, can be reprogrammed so that it records keystrokes as it processes them.
  4. Keyboard overlays - a fake keypad is placed over the real one so that any keys pressed are registered by both the eavesdropping device as well as the legitimate one that the customer is using. [2]
  5. Key commands - exist in much legitimate software. These programs require keyloggers to know when you’re using a specific command. [3]

Countermeasures

Denial or monitoring of physical access to sensitive computers, e.g. by closed-circuit video surveillance and access control, is the most effective means of preventing hardware keylogger installation. Visual inspection is the easiest way of detecting hardware keyloggers. But there are also some techniques that can be used for most hardware keyloggers on the market, to detect them via software. In cases in which the computer case is hidden from view (e.g. at some public access kiosks where the case is in a locked box and only a monitor, keyboard, and mouse are exposed to view) and the user has no possibility to run software checks, a user might thwart a keylogger by typing part of a password, using the mouse to move to a text editor or other window, typing some garbage text, mousing back to the password window, typing the next part of the password, etc. so that the keylogger will record an unintelligible mix of garbage and password text. [4] General keystroke logging countermeasures are also options against hardware keyloggers.

The main risk associated with keylogger use is that physical access is needed twice: initially to install the keylogger, and secondly to retrieve it. Thus, if the victim discovers the keylogger, they can then set up a sting operation to catch the person in the act of retrieving it. This could include camera surveillance or the review of access card swipe records to determine who gained physical access to the area during the time period that the keylogger was removed.

Related Research Articles

<span class="mw-page-title-main">Keyboard technology</span> Hardware technology of keyboards

The technology of computer keyboards includes many elements. Among the more important of these is the switch technology that they use. Computer alphanumeric keyboards typically have 80 to 110 durable switches, generally one for each key. The choice of switch technology affects key response and pre-travel. Virtual keyboards on touch screens have no physical switches and provide audio and haptic feedback instead. Some newer keyboard models use hybrids of various technologies to achieve greater cost savings or better ergonomics.

<span class="mw-page-title-main">Keystroke logging</span> Action of recording the keys struck on a keyboard

Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that a person using the keyboard is unaware that their actions are being monitored. Data can then be retrieved by the person operating the logging program. A keystroke recorder or keylogger can be either software or hardware.

<span class="mw-page-title-main">USB flash drive</span> Data storage device

A USB flash drive is a data storage device that includes flash memory with an integrated USB interface. It is typically removable, rewritable and much smaller than an optical disc. Most weigh less than 30 g (1 oz). Since first appearing on the market in late 2000, as with virtually all other computer memory devices, storage capacities have risen while prices have dropped. As of March 2016, flash drives with anywhere from 8 to 256 gigabytes (GB) were frequently sold, while 512 GB and 1 terabyte (TB) units were less frequent. As of 2018, 2 TB flash drives were the largest available in terms of storage capacity. Some allow up to 100,000 write/erase cycles, depending on the exact type of memory chip used, and are thought to physically last between 10 and 100 years under normal circumstances.

<span class="mw-page-title-main">KVM switch</span> Device that connects computer front-end hardware to multiple computers

A KVM switch is a hardware device that allows a user to control multiple computers from one or more sets of keyboards, video monitors, and mice.

<span class="mw-page-title-main">Security token</span> Device used to access electronically restricted resource

A security token is a peripheral device used to gain access to an electronically restricted resource. The token is used in addition to or in place of a password. It acts like an electronic key to access something. Examples of security tokens include wireless keycards used to open locked doors, or a banking token used as a digital authenticator for signing in to online banking, or signing a transaction such as a wire transfer.

<span class="mw-page-title-main">Wireless security</span> Aspect of wireless networks

Wireless security is the prevention of unauthorized access or damage to computers or data using wireless networks, which include Wi-Fi networks. The term may also refer to the protection of the wireless network itself from adversaries seeking to damage the confidentiality, integrity, or availability of the network. The most common type is Wi-Fi security, which includes Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). WEP is an old IEEE 802.11 standard from 1997. It is a notoriously weak security standard: the password it uses can often be cracked in a few minutes with a basic laptop computer and widely available software tools. WEP was superseded in 2003 by WPA, a quick alternative at the time to improve security over WEP. The current standard is WPA2; some hardware cannot support WPA2 without firmware upgrade or replacement. WPA2 uses an encryption device that encrypts the network with a 256-bit key; the longer key length improves security over WEP. Enterprises often enforce security using a certificate-based system to authenticate the connecting device, following the standard 802.11X.

<span class="mw-page-title-main">Virtual keyboard</span> Software component

A virtual keyboard is a software component that allows the input of characters without the need for physical keys. The interaction with the virtual keyboard happens mostly via a touchscreen interface, but can also take place in a different form in virtual or augmented reality.

Disk encryption is a technology which protects information by converting it into code that cannot be deciphered easily by unauthorized people or processes. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume. It is used to prevent unauthorized access to data storage.

<span class="mw-page-title-main">Intel Active Management Technology</span> Out-of-band management platform

Intel Active Management Technology (AMT) is hardware and firmware for remote out-of-band management of select business computers, running on the Intel Management Engine, a microprocessor subsystem not exposed to the user, intended for monitoring, maintenance, updating, and repairing systems. Out-of-band (OOB) or hardware-based management is different from software-based management and software management agents.

<span class="mw-page-title-main">Computer keyboard</span> Data input device

A computer keyboard is a peripheral input device modeled after the typewriter keyboard which uses an arrangement of buttons or keys to act as mechanical levers or electronic switches. Replacing early punched cards and paper tape technology, interaction via teleprinter-style keyboards have been the main input method for computers since the 1970s, supplemented by the computer mouse since the 1980s.

Secure USB flash drives protect the data stored on them from access by unauthorized users. USB flash drive products have been on the market since 2000, and their use is increasing exponentially. As both consumers and businesses have increased demand for these drives, manufacturers are producing faster devices with greater data storage capacities.

Form grabbing is a form of malware that works by retrieving authorization and log-in credentials from a web data form before it is passed over the Internet to a secure server. This allows the malware to avoid HTTPS encryption. This method is more effective than keylogger software because it will acquire the user’s credentials even if they are input using virtual keyboard, auto-fill, or copy and paste. It can then sort the information based on its variable names, such as email, account name, and password. Additionally, the form grabber will log the URL and title of the website the data was gathered from.

<span class="mw-page-title-main">Computer hardware</span> Physical components of a computer

Computer hardware includes the physical parts of a computer, such as the case, central processing unit (CPU), random access memory (RAM), monitor, mouse, keyboard, computer data storage, graphics card, sound card, speakers and motherboard.

This glossary of computer hardware terms is a list of definitions of terms and concepts related to computer hardware, i.e. the physical and structural components of computers, architectural issues, and peripheral devices.

Computer security compromised by hardware failure is a branch of computer security applied to hardware. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users. Such secret information could be retrieved by different ways. This article focus on the retrieval of data thanks to misused hardware or hardware failure. Hardware could be misused or exploited to get secret data. This article collects main types of attack that can lead to data theft.

An anti-keylogger is a type of software specifically designed for the detection of keystroke logger software; often, such software will also incorporate the ability to delete or at least immobilize hidden keystroke logger software on a computer. In comparison to most anti-virus or anti-spyware software, the primary difference is that an anti-keylogger does not make a distinction between a legitimate keystroke-logging program and an illegitimate keystroke-logging program ; all keystroke-logging programs are flagged and optionally removed, whether they appear to be legitimate keystroke-logging software or not. The anti-keylogger is efficient in managing malicious users. It can detect the keyloggers and terminate them from the system.

<span class="mw-page-title-main">Logitech Unifying receiver</span> USB wireless receiver

The Logitech Unifying receiver is a small dedicated USB wireless receiver, based on the nRF24L-family of RF devices, that allows up to six compatible Logitech human interface devices to be linked to the same computer using 2.4 GHz band radio communication. Receivers that are bundled with a Logitech product are paired with the device at the factory. When purchasing a replacement receiver or connecting multiple devices to one receiver, pairing requires the free-of-charge Logitech Unifying software, available for Microsoft Windows and Mac OS X. On Linux the Solaar software can be used to adjust the configurations. Although not compatible with Bluetooth, devices pair to Unifying Receivers in a similar way. Peripherals remain paired, and can then be used on systems not supporting the software. Logitech receivers compatible with the Unifying protocol can be identified by the orange Unifying logo, which distinguishes them from Logitech Nano receivers of similar appearance, which pair in a similar manner but only with a single device, without using the Unifying protocol.

<span class="mw-page-title-main">USBKill</span> Software to protect from unknown USB devices

USBKill is anti-forensic software distributed via GitHub, written in Python for the BSD, Linux, and OS X operating systems. It is designed to serve as a kill switch if the computer on which it is installed should fall under the control of individuals or entities against the desires of the owner. It is free software, available under the GNU General Public License.

<span class="mw-page-title-main">Evil maid attack</span> Type of computer security breach

An evil maid attack is an attack on an unattended device, in which an attacker with physical access alters it in some undetectable way so that they can later access the device, or the data on it.

<span class="mw-page-title-main">Flipper Zero</span> Multi-tool electronic device

Flipper Zero is a portable Tamagotchi-like multi-functional device developed for interaction with access control systems. The device is able to read, copy, and emulate RFID and NFC tags, radio remotes, iButton, and digital access keys, along with a GPIO interface. It was first announced in August 2020 through the Kickstarter crowdfunding campaign, which raised $4.8M. The first devices were delivered to backers 18 months after completion of the crowdfunding campaign. The device's user interface embodies a pixel-art dolphin virtual pet. The interaction with the virtual pet is the device's core game mechanic. The usage of the device's functions defines the appearance and emotions of the pet.

References

  1. "Keyloggers, pros and cons". BCS.
  2. Jeremy Kirk (2008-12-16). "Tampered Credit Card Terminals". IDG News Service. Retrieved 2009-04-19.
  3. "What Are Keyloggers and How to Protect Against Them". Safety Detective. 2018-09-02. Retrieved 2018-11-22.
  4. Hardware Keylogger Detection Archived 2012-02-09 at the Wayback Machine , SpyCop.