Keylogging (short for keystroke logging) is the practice of covertly recording input signals into a computer from a keyboard so the computer user is unaware. It can be accomplished using various methods – both software and hardware. These can range from low-level rootkits and operating system-level API-based programs to physical devices connected with a keyboard\u2019s connection to a computer and analysis of electromagnetic signals emitted by a target keyboard from up to 20 meters (66 feet) away.<\/p>\n\n\n\n
Keylogging capabilities are often added to various botnet malware (such as the Zeus Trojan) to steal personal or financial information.<\/p>\n\n\n\n
Keystroke logging is an act of tracking and recording every keystroke entry made on a computer, often without the permission or knowledge of the user. A \u201ckeystroke\u201d is just any interaction you make with a button on your keyboard.<\/p>\n\n\n\n
Keystrokes are how you \u201cspeak\u201d to your computers. Each keystroke transmits a signal that tells your computer programs what you want them to do.<\/p>\n\n\n\n
These commands may include:<\/p>\n\n\n\n
When logged, all this information is like listening to a private conversation. You believe you\u2019re only \u201ctalking\u201d with your device, but another person is listening and writing down everything you said. With our increasingly digital lives, we share a lot of highly sensitive information on our devices.<\/p>\n\n\n\n
User behaviors and private data can easily be assembled from logged keystrokes. Everything from online banking access to social security numbers is entered into computers. Social media, email, websites visited, and even text messages sent can all be highly revealing.<\/p>\n\n\n\n
A keylogger, sometimes called a keystroke logger or keyboard capture, is a type of surveillance technology used to monitor and record each keystroke on a specific computer. Keylogger software is also available for use on smartphones, such as the Apple iPhone and Android devices.<\/p>\n\n\n\n
Keyloggers are often used as spyware\u00a0tools by cybercriminals to steal\u00a0personally identifiable information\u00a0(PII), login credentials and sensitive enterprise data. However, some uses of keyloggers could be considered ethical or appropriate in varying degrees. Keylogger recorders may also be used by:<\/p>\n\n\n\n
Keylogger tools<\/strong> can either be hardware or software meant to automate the process of keystroke logging. These tools record the data sent by every keystroke into a text file to be retrieved at a later time. Some tools can record everything on your copy-cut-paste clipboard, calls, GPS data, and even microphone or camera footage.<\/p>\n\n\n\n Keyloggers are surveillance tools with legitimate uses for personal or professional IT monitoring. Some of these uses enter an ethically questionable grey area. However, other keylogger uses are explicitly criminal.<\/p>\n\n\n\n Regardless of the use, keyloggers are often used without the user\u2019s fully aware consent and keyloggers are used under the assumption that users should behave as normal.<\/p>\n\n\n\n Keylogger tools are mostly constructed for the same purpose. But they\u2019ve got important distinctions in terms of the methods they use and their form factor.<\/p>\n\n\n\n Here are the two forms of keyloggers:<\/p>\n\n\n\n Hardware keyloggers are physical components built-in or connected to your device. Some hardware methods may be able to track keystrokes without even being connected to your device. For brevity, we\u2019ll include the keyloggers you are most likely to fend against:<\/p>\n\n\n\n Software keyloggers are computer programs that install onto your device\u2019s hard drive. Common keylogger software types may include:<\/p>\n\n\n\n How a keylogger works depends on its type. Hardware and software keyloggers work differently due to their medium.<\/p>\n\n\n\n Most workstation keyboards plug into the back of the computer, keeping the connections out of the user’s line of sight. A hardware keylogger may also come in the form of a module that is installed inside the keyboard itself. When the user types on the keyboard, the keylogger collects each keystroke and saves it as text in its own\u00a0hard drive, which may have a\u00a0memory<\/a>\u00a0capacity up to several gigabytes. <\/p>\n\n\n\n The person who installed the keylogger must later return and physically remove the device to access the gathered information. There are also wireless keylogger sniffers that can intercept and decrypt data packets transferred between a wireless keyboard and its receiver.<\/p>\n\n\n\n A common software keylogger typically consists of two files that get installed in the same directory: a\u00a0dynamic link library (DLL)\u00a0file that does the recording and an\u00a0executable\u00a0file that installs the DLL file and triggers it. The keylogger program records each keystroke the user types and periodically uploads the information over the internet to whoever installed the program. <\/p>\n\n\n\n Hackers can design keylogging software to use keyboard application program interfaces (APIs) for another application, malicious script injection or memory injection.<\/p>\n\n\n\n To explain the uses of keylogging, you\u2019ll have to consider: what is keylogger activity legally limited to? Four factors outline if keylogger use is legally acceptable, morally questionable, or criminal:<\/p>\n\n\n\n Legal keylogger use<\/strong> requires the person or organization implementing it to:<\/p>\n\n\n\n Consent is notably absent from this list. Keylogger users don\u2019t have to obtain consent unless laws in the area of use require them to. This is ethically questionable for uses where people are not made aware that they are being watched.<\/p>\n\n\n\n In consensual cases, you may allow keystroke logging under clear language within terms of service or a contract. This includes any time you click \u201caccept\u201d to use public Wi-Fi or when you sign an employer\u2019s contract.<\/p>\n\n\n\n Here are some common legitimate uses for keyloggers:<\/p>\n\n\n\n You might find legal keyloggers are in your daily life more than you realize. Fortunately, the power to control your data is often in your hands if the monitoring party has asked for access. Outside of employment, you can simply decline permission to the keyloggers if you so choose.<\/p>\n\n\n\n Non-consensual legal use of keylogging\u00a0is more questionable. While it violates the trust and privacy of those being watched, this type of use likely operates in the bounds of the laws in your area.<\/p>\n\n\n\n In other words, a keylogger user can monitor computer products they own or make. They can even monitor their children\u2019s devices legally. But they cannot surveil devices outside of their ownership. This leaves a bit of a grey area that can cause problems for all involved.<\/p>\n\n\n\n Without consent, people and organizations can use keyloggers for:<\/p>\n\n\n\n Even consent that has been buried under legal jargon within a contract or terms of service can be questionable. However, this does not explicitly cross the line of legality either.<\/p>\n\n\n\n Illegal keylogger use\u00a0completely disregards consent, laws, and product ownership in favor of nefarious uses. Cybersecurity experts usually refer to this use case when discussing keyloggers.<\/p>\n\n\n\n When used for criminal purposes, keyloggers serve as malicious spyware meant to capture sensitive information. Keyloggers record data like passwords or financial information, which is then sent to third parties for criminal exploitation.<\/p>\n\n\n\n Criminal intent can apply in cases where keyloggers are used to:<\/p>\n\n\n\n Once the line has been crossed into criminal territory, keyloggers are regarded as malware. Security products account for the entire user case spectrum, so they may not label discovered keyloggers as immediate threats. Similarly to\u00a0adware, the intent can be completely ambiguous.<\/p>\n\n\n\n Threats of keyloggers can come from many issues around the collection of sensitive data. When you are unaware that everything you type onto your computer keyboard is being recorded, you may inadvertently expose your:<\/p>\n\n\n\n Sensitive information like this is highly valuable to third parties, including advertisers and criminals. Once collected and stored, this data then becomes an easy target for theft.<\/p>\n\n\n\n Data breaches\u00a0can expose saved keystroke logs, even in legitimate use cases. This data can easily be leaked inadvertently via an unsecured or unsupervised device or through a\u00a0phishing attack. More common leaks can occur by a direct criminal attack with malware or other means. Organizations collecting mass keylogging data can be prime targets for a breach.<\/p>\n\n\n\n Criminal use of keyloggers\u00a0can collect and exploit your information just as easily. Once they\u2019ve infected you with malware via\u00a0drive-by download\u00a0or other means, time is of the essence. They can access your accounts before you even know that your sensitive data has been compromised.<\/p>\n\n\n\n Due to the variety of keyloggers that use different techniques, no single detection or removal method is considered the most effective. Since keyloggers can manipulate an operating system kernel, examining a computer’s Task Manager isn’t necessarily enough to detect a keylogger.<\/p>\n\n\n\n Security software, such as an anti-keylogger software program, is designed specifically to scan for software-based keyloggers by comparing the files on a computer against a keylogger signature base or a checklist of common keylogger attributes. Using an anti-keylogger can be more effective than an antivirus or antispyware program. The latter may accidentally identify a keylogger as a\u00a0legitimate program instead of spyware.<\/p>\n\n\n\n Depending on the technique an antispyware application uses, it may be able to locate and disable keylogger software with lower privileges than it has. Using a network monitor will ensure the user is notified each time an application tries to make a network connection, allowing a security team to stop any possible keylogger activity.<\/p>\n\n\n\n While visual inspection can identify hardware keyloggers, it is impractical and time-consuming to implement on a large scale. Instead, individuals can use a firewall to help protect against a keylogger. Since keyloggers transmit data back and forth from the victim to the attacker, the firewall could discover and prevent that data transfer.<\/p>\n\n\n\n Password managers that automatically fill in username and password fields may also help protect against keyloggers.\u00a0Monitoring software\u00a0and antivirus software can also keep track of a system’s health and prevent keyloggers.<\/p>\n\n\n\n System cages that prevent access to or tamper with USB and PS\/2 ports can be added to the user’s desktop setup. Extra precautions include using a\u00a0security token\u00a0as part of\u00a0two-factor authentication (2FA)\u00a0to ensure an attacker cannot use a stolen password alone to log in to a user’s account, or using an\u00a0onscreen keyboard\u00a0and\u00a0voice-to-text\u00a0software to circumvent using a physical keyboard.<\/p>\n\n\n\n Application allowlisting\u00a0can also be used to allow only documented, authorized programs to run on a system. It is also always a good idea to keep any system up to date.<\/p>\n\n\n\nTypes of keyloggers<\/strong><\/h3>\n\n\n\n
Hardware keyloggers<\/strong><\/h4>\n\n\n\n
\n
Software keyloggers<\/strong><\/h4>\n\n\n\n
\n
How keyloggers work<\/strong><\/h2>\n\n\n\n
Uses for keylogging<\/strong><\/h2>\n\n\n\n
\n
Legal consensual keylogging uses<\/strong><\/h3>\n\n\n\n
\n
\n
Legal ethically ambiguous keylogging uses<\/strong><\/h3>\n\n\n\n
\n
Criminal keylogging uses<\/strong><\/h3>\n\n\n\n
\n
Why keylogging can be a threat<\/strong><\/h2>\n\n\n\n
\n
Keylogging detection and removal<\/strong><\/h2>\n\n\n\n
Protection against keylogging<\/strong><\/h2>\n\n\n\n
Recommended Articles <\/strong><\/span><\/h2>\n\n\n\n
\n
References<\/strong><\/span><\/h2>\n\n\n\n
\n