A hardware keylogger can be installed by anyone with access to the space and the nerve to do it.
A key logger is something that records everything typed on a keyboard or other input device. Software keyloggers are more common, and better known. They are malware installed on the victim’s computer.
Characteristics of Hardware Keyloggers
A hardware keylogger is a physical device, such as a USB stick, a PS2 cable, or a wall charger, which records keystrokes and other data. These have typically been wired, but wireless sniffing types have appeared as well.
Keylogger software can be installed via phishing emails. Hardware keyloggers require someone to have physical access to the location, the reason most hardware keylogger cases have been in public places like libraries, or less-secure, widely traveled places like schools—or, in at least one case, a newsroom.
Since they detect and store the actual keystrokes entered by a keyboard, a hardware keylogger bypasses a lot of encryption and other standard security barriers.
Advantages and Disadvantages to Hackers
Hardware keyloggers can’t be detected through any kind of anti-virus software or other software investigation.
They are physically detectable, though no one usually thinks to check for them. They are often installed in the back of a computer, or in other places which are not normally examined.
Keyloggers can have an appeal to those who want to find something specific, like a password, but lack the savvy to get malware on the target computer. A hardware keylogger can be installed by anyone with access to the space and the nerve to do it.
Wireless Keyboard Vulnerabilities
Hardware keyloggers have long focused on standard PS2 keyboards, but now, with devices such as KeySweeper, wireless keyboards as well may be at risk as well. KeySweeper has been concealed inside of a USB charger—which really functions as a USB charger— but it could hide inside anything. It contains an Arduino microcontroller that can connect to wireless keyboards and sniff and log their keystrokes.
Encryption was never a big concern for wireless keyboards. More recently, many wireless keyboards have begun using encryption, including 2.4GHz Microsoft keyboards manufactured since 2011. Nevertheless, the FBI put out a warning about devices similar to KeySweeper in May, 2017—much too late, according to some industry opinions.
Hardware Keystroke Logger Examples
In 2015, someone at a German left-wing newspaper, Die Tageszeitung, found a USB stick hardware keylogger on a newsroom computer. A reporter was apparently collecting data on other employees, or the newspaper’s operations.
Schools are a common place for hardware keylogging. Cases include a student in Birmingham who stole staff passwords to retroactively increase recorded test scores, a Russian student at Singapore Management University who got access to other students’ tests while actually taking it (and when that did not work, tried deleting everyone’s test records in the hopes of a retest), and 11 students were expelled from a private school in California after they used keylogger-derived logins to change their grades.
Increasing Connectivity in Hardware Keyloggers
A hardware keylogger used to make a hacker particularly vulnerable at two points: when the device was introduced, and when it was recovered to gain access to the stored keystroke data. The first is still necessary, but now a keylogger can, with a SIM chip from a cellular provider and a few other pieces of supporting hardware, connect to a cellular network and transmit its log file.
Many hackers have been caught when they came to recover their hardware. Now, the remote keylogger might be found, but there will be no way to confirm who put it there, or why.
How Big is the Threat?
Most of the more ominous-sounding threats are really proof-of-concept demos by sophisticated security experts in order to reveal potential vulnerabilities, and not real devices uncovered during security sweeps. Most real cases of keylogging have been pretty low-level, as the examples show.
As a result, most businesses have been reluctant to impose the cost of USB registration, physical separation, or other hardware restrictions on their employees.
But as keylogging technology becomes more sophisticated, and the perpetrators harder to detect or trace, it is likely a larger and more prominent breach involving hardware keyloggers or sniffers will occur. It’s just that everyone assumes it will happen to someone else first. And, of course, almost everyone will be correct.