<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1678611822423757&amp;ev=PageView&amp;noscript=1">

Was That Always There? A Hardware Keylogger Threat

Alex Jablokow| September 12 2017

| Security


A hardware keylogger can be installed by anyone with access to the space and the nerve to do it.

A key logger is something that records everything typed on a keyboard or other input device. Software keyloggers are more common, and better known. They are malware installed on the victim’s computer.

Characteristics of Hardware Keyloggers

A hardware keylogger is a physical device, such as a USB stick, a PS2 cable, or a wall charger, which records keystrokes and other data. These have typically been wired, but wireless sniffing types have appeared as well.

Keylogger software can be installed via phishing emails. Hardware keyloggers require someone to have physical access to the location, the reason most hardware keylogger cases have been in public places like libraries, or less-secure, widely traveled places like schools—or, in at least one case, a newsroom.

Since they detect and store the actual keystrokes entered by a keyboard, a hardware keylogger bypasses a lot of encryption and other standard security barriers.


Advantages and Disadvantages to Hackers

Hardware keyloggers can’t be detected through any kind of anti-virus software or other software investigation.

They are physically detectable, though no one usually thinks to check for them. They are often installed in the back of a computer, or in other places which are not normally examined.
Keyloggers can have an appeal to those who want to find something specific, like a password, but lack the savvy to get malware on the target computer. A hardware keylogger can be installed by anyone with access to the space and the nerve to do it.

Wireless Keyboard Vulnerabilities

Hardware keyloggers have long focused on standard PS2 keyboards, but now, with devices such as KeySweeper, wireless keyboards as well may be at risk as well. KeySweeper has been concealed inside of a USB charger—which really functions as a USB charger— but it could hide inside anything. It contains an Arduino microcontroller that can connect to wireless keyboards and sniff and log their keystrokes.

Encryption was never a big concern for wireless keyboards. More recently, many wireless keyboards have begun using encryption, including 2.4GHz Microsoft keyboards manufactured since 2011. Nevertheless, the FBI put out a warning about devices similar to KeySweeper in May, 2017—much too late, according to some industry opinions.

Hardware Keystroke Logger Examples

In 2015, someone at a German left-wing newspaper, Die Tageszeitung, found a USB stick hardware keylogger on a newsroom computer. A reporter was apparently collecting data on other employees, or the newspaper’s operations.

Schools are a common place for hardware keylogging. Cases include a student in Birmingham who stole staff passwords to retroactively increase recorded test scores, a Russian student at Singapore Management University who got access to other students’ tests while actually taking it (and when that did not work, tried deleting everyone’s test records in the hopes of a retest), and 11 students were expelled from a private school in California after they used keylogger-derived logins to change their grades.

Increasing Connectivity in Hardware Keyloggers

A hardware keylogger used to make a hacker particularly vulnerable at two points: when the device was introduced, and when it was recovered to gain access to the stored keystroke data. The first is still necessary, but now a keylogger can, with a SIM chip from a cellular provider and a few other pieces of supporting hardware, connect to a cellular network and transmit its log file.

Many hackers have been caught when they came to recover their hardware. Now, the remote keylogger might be found, but there will be no way to confirm who put it there, or why.

How Big is the Threat?

Most of the more ominous-sounding threats are really proof-of-concept demos by sophisticated security experts in order to reveal potential vulnerabilities, and not real devices uncovered during security sweeps. Most real cases of keylogging have been pretty low-level, as the examples show.

As a result, most businesses have been reluctant to impose the cost of USB registration, physical separation, or other hardware restrictions on their employees.
But as keylogging technology becomes more sophisticated, and the perpetrators harder to detect or trace, it is likely a larger and more prominent breach involving hardware keyloggers or sniffers will occur. It’s just that everyone assumes it will happen to someone else first. And, of course, almost everyone will be correct.

Topics: Security

Leave a Reply

Your email address will not be published. Required fields are marked *


Alex Jablokow is a freelance writer who specializes in technical and healthcare business. He blogs about the Internet of Things, software, inertial guidance systems, and other topics for business clients. Sturdy Words, his freelance content business, is at www.sturdywords.com.

Free Trials

Getting started has never been easier. Download a trial today.

Download Free Trials

Contact Us

Let us know how we can help you. Focus on what matters. 

Send us a note

Subscribe to our Blog

Let’s stay in touch! Register to receive our blog updates.