Keylogging

Keylogging is typically an overlooked threat. This may be in part because most people don’t know about all of the forms of keyloggers, they really only know that their identity has been stolen or their Facebook has been hacked. Keylogging is a pretty simple process, and anyone with either money or basic computer skills can do it.

One type of keylogging that most people don’t know about would have to be acoustic. Acoustic keyloggers can be used to monitor the sound created by someone typing on a computer. Each and every key on the keyboard makes a subtly different acoustic signature when it is stroked. It is then possible to identify which keystroke signature relates to which keyboard character by acoustic analysis. The repetition frequency of similar acoustic keystroke signatures, the timings between different keyboard strokes and other context information such as the probable language in which the user is writing are used in this analysis to map sounds to letters. However a large number of key strokes is required in order to determine the exact keystrokes.

Another easy method of keylogging would have to be wireless sniffers. All the attacker has to do is find someone with a wireless keyboard. These sniffers work by collecting the packets of data being transferred from the keyboard to its receiver. Thus making it so anyone with a little extra money can be a keylogger.

The most common type of keylogging however is software based. Software based is usually hidden within malware and if left undetected can gather all your information an attacker would ever need to steal your identity and credit card information.

Keylogging is everywhere, the key to combating it is simple. If you’re useing wireless keyboards make sure it’s encrypted. If your going to be on your laptop in a public setting don’t check your banking. And finally you should always run regular virus and malware scans to avoid the software based attacks that could be lurking everywhere.

Advertisements

4 thoughts on “Keylogging

  1. Interesting and informative post. I think the issue with public awareness of keyloggers stems from both lack of knowledge, and lack of personal encounters. I know I wasn’t as aware of them until after an account of mine got hacked. Now I’m constantly on the lookout.
    Now, with regards to dealing with software keyloggers, I thought most anti-malware programs didn’t (or rarely) caught keyloggers.

  2. I agree with the aforementioned. Most people don’t pay attention to the simple threats that can occur to them, but I think it’s usually due to lack of awareness. The idea of acoustic keyloggers is very clever though. I did not know each key is identifiable by their keystroke’s acoustic signature. That leads me to thinking that computer engineers put a lot more effort than surfaced into configuring machines. With the appropriate materials, a person can extract all your information in no time with this keylogger. But I wonder, would this acoustic keylogger apply to cellular use too? Maybe not a keylogger, but a device that picks up the acoustic signature your phone produces with each button pressed, irregardless of what profile your phone is on (because it is likely that if you have a touch phone, and it is on silent, you may not be able to pick up any sound from the buttons). Or possibly one that detects vibrations unique to different buttons on the phone? Not sure, but this is interesting.

  3. The threat of acoustic keylogging seems very complex. Identifying each keystroke by its acoustic signature sounds hard to achieve because aren’t all keyboards different? And I’m guessing that the keylogger could mistake keys for others. If this type of keylogging is perfected however, it could be a major threat.

Comments are closed.