Keylogging: Boon or Bane

Keylogger is a hardware or software plugin which can secretly capture all the keystrokes entered through the keypad of a typing device without the knowledge and consent of the user. It can affect a desktop or laptop keyboard; even a smartphone keypad is also not spared. Reetwika tells us about Keylogger and the preventive measures, in the weekly column, exclusively for Different Truths.

Have you ever seen the PC you regularly use at your favourite cyber café has an unusual device installed under the keyboard?

Have you scanned your laptop in recent times to clean all unwanted and unknown program files from the disk?

Have you rebooted your OS in last one year?

If you are hosting a website of your own, have you installed an Anti-Spyware application on the web server?

If you have a web addict kid at home, do you wish to keep a silent eye on his browsing history without letting him know about it?

If you are an employer, do you want to monitor your employee’s web habits using office PC?

Well, all your answers will redirect to one and only technological wonder and that is Keylogging. From the impact questions asked above, you must have already got an idea, what a Keylogger can serve for you.

Keylogger is a hardware or software plugin which can secretly capture all the keystrokes entered through the keypad of a typing device (ex: files opened, copied and pasted, login credentials like username and passwords, financial data like card details, account balance and investments, emails sent and received, instant private messages, WhatsApp and Messenger pings, call recordings, video streams, webcam archives, photos and music, websites visited and actions are taken, screenshot of your browsing history, etc.) without the knowledge and consent of the user. It can affect a desktop or laptop keyboard; even a smartphone (iPhone & Android based) keypad is also not spared. The keystrokes get recorded in the form of logs and thus the process is called Keylogging, and the device a Keylogger.

The logs are first stored in the device or program and then sent over to the receiver via email or any other mechanism set-up by the intruder. As a matter of fact, this type of spying technique can be applied to achieve both positive and negative outcomes, however, the choice resides entirely with the user. To avoid illicit surveillance of your keyboard activities, you first need to know how a Keylogger operates.

Hardware Keyloggers

Insignificantly small devices fitted with the computing system as an external add-in to capture keystrokes are hardware based Keyloggers. The appliance can be furtively connected under the keyboard, behind CPU, on Wi-Fi router, as ATM keyboard overlays, etc. It is a good practice to observe the physical arrangement of any public system before making online payments using their keypads.

Optical Keyloggers can even arrest the keystrokes through electromagnetic fields created by a wireless keyboard. But this is only possible with few specific keyboard models. So, next time on, try to avoid any optical or wireless keyboard which is more susceptible to keylogging attacks.

There are some high-end circuits which can even detect the keys from the sound created by their pressings on a particular keyboard. Such type of device is known as Acoustic Keylogger and are mostly used for closed room monitoring. 

Even Keyloggers can be configured at the firmware level, however, that cannot be figured out from outside as such chips are placed inside the motherboard. 

Software Keyloggers

If any form of non-physical technique is used for logging the keystrokes, it is called a software-based Keylogger; and is evidently more devastating than its hardware counterparts. To make the job tougher, software-based Keyloggers can be easily downloaded from internet for free since its use is not forbidden under any criminal law.

That makes it more difficult to detect software Keyloggers as they are often embedded within the Program Files, disguised as legitimate system files. It requires technical expertise to spot the anomaly at a glance.

Software Keyloggers can be installed in the Operating System, Kernel, Directory, Dynamic Link Library, Virtual Machines, Keyboard APIs, inbuilt JavaScripts, Webforms, Memory Registers, etc. It can even be in the form of a Smartphone app which if placed near a physical keyboard can tap the keystroke sound and air vibrations. Nowadays even a stylus can also capture the touchscreen statistics. You may like to try out the various Keylogger apps available for free at different app stores.

Tips to Prevent Keylogger Abuses

Like all my columns, here I share some useful tips to prevent yourself from the abuse of secret Keyloggersinstalled as a hardware or software to monitor your key signatures.

1. Never use your personal debit or credit cards for online payments on public systems like cyber cafes and shared PCs. Also, do not use any non-standard unknown browsers in such machines. There are substantial chances of hardware and browser-based software Keyloggers installed in those devices.

2. Carefully look out for ATM overlays before punching your PIN. Skimmers are often secretly mounted above the keypad in such a way that it can capture all the keystrokes without anyone’s notice.

3. Whenever possible, try to use a virtual keypad or voice-to-text technology to enter your private information (ex: username, password, PIN, secure code, etc) rather than to type it out from the physical console.

4. You may create a Virtual Machine on your web server to fool Keylogger attempts. This is particularly helpful if you own a website of your own, else not.

5. Try to use One Time Passwords (OTP) for online payments instead of typing in secure transaction passwords from the keyboard. This will cut down the risks of key reuse and session hijacking.

6. Try to use an auto form fill up options for submitting Webforms. This prevents you from entering the same keys repeatedly. However, no private information should not be saved in public machines.

7. For accessing the critical web and email servers, you may use Multi-Factor Authentication (MFA) mechanisms like VPN tokens, smart cards, biometrics etc so that you can avoid the risk of Keylogger attempts even if it’s already compromised.

8. Reboot your computer every six months using Recovery CD or write-protected Live USB. It will prevent your OS from Keylogger infection. Even if someone had configured it at OS level, it would be cleaned.

9. Whenever you are accessing a public machine, open the Task Manager (Ctrl+Alt+Del > Task Manager) to check all the programs running on the backend. If you find any unidentified tasks there, it is likely to be a Software Keylogger. Terminate it immediately. You can also uninstall the program from Control Panel provided you have Admin Rights on the machine by default.

10. Do not allow your kid to install computer games (ex: MMORPG) from unknown sources. They are potential sources of keyloggers.

11. Avoid using pirated and free software as they are the biggest sources of keyloggers.

12. Do not visit illicit websites and torrents especially which are not secured (HTTPS enabled). Check the hyperlink on the browser before opening any website.

13. Avoid using USBs (PDAs, pen drive, mouse, external keyboard, memory cards etc) without scanning. Whenever you connect an external storage device, do scan it with your Anti-Virus first, clean any infections and then use it.

14. Linux is more secure than MS Windows with respect to Keyloggers and Spywares. You may try switching to Linux if you have good programming skills since it is not as user-friendly as MS Windows.

15. It always calls for a smart choice to invest in licensed and reliable Anti-Viruses, Anti-Spywares and Anti-Keyloggers or a complete internet security solution with robust features, of course, if your pocket permits.

©Reetwika Banerjee 

Photos from the Internet

#AntiKeyloggers #AntiViruses #AntiSpywares #MSWindows #Linux #USBs #HTTPSenabled #LiveUSB #Keylogging #CyberCrime #DifferentTruths