Keyloggers are a serious threat for both companies and individuals. Their goal is to log all input made by a user and then make it available to the attacker.
Author: MICHAEL R. HEINZL
Source: Hakin9 1/2010 https://hakin9.org
The input collected may contain information such as user credentials, e-mails, bank details and other sensitive data that could then enable an attacker to dig deeper into one or more systems. With the right information, an attacker could transfer money to his own account or carry out numerous other activities based on the information available. This article focuses on the most relevant topics concerning hardware keyloggers and details various solutions for protection against such tools.
A keylogger is generally a hardware or software solution which stores all input from a keyboard (see Figure 1). There can be many reasons why someone would choose to use a keylogger. Many manufacturers of such software and hardware products often advertise them with some of the following legitimate reasons and scenarios:
- During an investigation to secure evidence
- As a backup of important documents and to prevent loss after a system or hardware crash
- Surveillance of children, e.g. to monitor unsuitable activities, such as viewing pornographic material
- Surveillance of employees during work time to monitor abuse of resources
- Use by private detectives and security consultants
Although some of these scenarios could be solved in a better way, and the usage may not be very ethical, keyloggers have become commonplace in forensics and crime fighting, and their use can often be classed as valid. However, as with many other technologies, there is the possibility of malicious usage, and it is these types of usage that lead to us reading about keyloggers in the media. Thus keyloggers are often used to steal confidential data such as passwords and usernames, internal company data, bank details and similar data. This data is then often used by organized crime as a blackmail tool or resold to others at a premium.
Although there are many different products and models with different functionalities available, keyloggers can be divided into two main categories: software-based keyloggers and hardware-based keyloggers. As this article is focused exclusively on hardware keyloggers, software keyloggers will only be explained briefly for the sake of completeness.
Software Keylogger
Sophisticated software keyloggers offer a variety of functions that go well beyond the usual implied function, the logging of keystrokes. Often it is possible to create screenshots of the target machine on a regular basis, log the moment when a program was launched, and log where the data was typed in. In addition, most keyloggers offer the possibility to automatically transmit the log files to a specified e-mail address or server. Others can record voice and webcam footage or manipulate the data entered by the user (although these latter functions no longer have anything to do with the basic function of a keylogger; such tools are often some kind of hybrid application or are included as part of other programs, such as rootkits).