Hardware Key loggers : Complete guide in Hardware Key Logging and detection!
It's a recent buzz word among script kiddles.Keystroke logging (often called keylogging) is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.There are numerous keylogging methods, ranging from hardware and software-based approaches to electromagnetic and acoustic analysis.
Types Of Keylogging
 |
| A sample Log file of a Keylogger |
- Hypervisor-based: Spyware Resides in a malware VMM lying underneath Operating System.
- Kernel-based: Such spywares are often coupled with rootkits and work at the kernel level.They are very hard to detect.
- API-based: Here the program exploits Keyboard API and the operating system then notifies the keylogger each time a key is pressed and the keylogger simply records it.
- Form grabbing based: Form grabbing-based keyloggers log web form submissions by recording the web browsing onsubmit event functions.
- Packet analyzers: This involves capturing network traffic associated with HTTP POST events to retrieve unencrypted passwords.
- Remote access Keyloggers: These are local software keyloggers with an added feature that allows access to the locally recorded data from a remote location.
Hardware-based keyloggers do not depend upon any software being
installed as they exist at a hardware level in a computer system.
- Firmware-based: They work on BIOS.
- Keyboard hardware: Hardware keyloggers are used for keystroke logging by means of a hardware circuit that is attached somewhere in between the computer keyboard and the computer, typically inline with the keyboard's cable connector.
- Wireless keyboard sniffers: These passive sniffers collect packets of data being transferred from a wireless keyboard and its receiver.
- Keyboard overlays: Criminals have been known to use keyboard overlays on ATMs to capture people's PINs. Each keypress is registered by the keyboard of the ATM as well as the criminal's keypad that is placed over it.
- Acoustic keyloggers: Acoustic cryptanalysis can be used to monitor the sound created by someone typing on a computer. Each key on the keyboard makes a subtly different acoustic signature when stroked.
- Electromagnetic emissions: It is possible to capture the electromagnetic emissions of a wired keyboard from up to 20 metres (66 ft) away, without being physically wired to it.
Hardware Keyloggers often come in two versions:
Places where these device could be present
Almost every shared computer like the ones on libraries,cafes and even some companies have started using keyloggers to monitor the usage statistics of workers. Use of such devices for parential monitor is an accepted practice.
Possible Hazards
I think the vulnerability depends on the seriousness of work.Suppose if you are surfing on internet for homework assistance or assignments etc then you are less vulnerable.But if you are doing some serious job like something work related or you are logging into some web account then i'll say that you are vulnerable.
Advantages of Hardware Keylogger
After removing the hardware keylogger, it is vital that you change all your passwords as they may have been compromised. Think about your
online banks and other services where personal information may be at risk
and contact them to let them know that your data may have been stolen.
After removing the hardware keylogger, you may want to physically destroy the unit to ensure that the data contained within can not be retrieved. Be aware, however, that some hardware loggers can send their data out secretly and do not require physical access after the device was initially planted.
Alternatively, the device may be evidence that you can use in a prosecution should it be a criminal theft. If this may be the case, store the device in a safe place, being careful to avoid contamination of possible fingerprints and contact your local law enforcement for help.
Note : Document prepared from the content of http://spycop.com , http://www.irongeek.com and http://en.wikipedia.org
1.As small devices about the size of a AA battery that are plugged in-line with your keyboard.
 |
| USB |
 |
| PS/2 |
- PS/2 Type
- USB Type
2.As a keyboard with an internal keylogger, or Trojan Keyboard.
 |
| Trojan Keyboard |
Places where these device could be present
Almost every shared computer like the ones on libraries,cafes and even some companies have started using keyloggers to monitor the usage statistics of workers. Use of such devices for parential monitor is an accepted practice.
Possible Hazards
I think the vulnerability depends on the seriousness of work.Suppose if you are surfing on internet for homework assistance or assignments etc then you are less vulnerable.But if you are doing some serious job like something work related or you are logging into some web account then i'll say that you are vulnerable.
Advantages of Hardware Keylogger
- Most software keyloggers are detected by anti-malware apps. Depending on which software package is used, the anti-virus system will likely detect the keylogger and remove it, or at the very least report it to the user. Hardware keyloggers, on the other hand, are very hard to detect without physical inspection.
- Some of the good ones out there loads before your OS and can log even Bios Passwords.
- Hardware keyloggers can support logging of almost any OS, as long as the keyboard is a fairly standard USB HID (Human Interface Device). Windows, Linux, Mac OS X - it makes little difference to a hardware keylogger.
- Need of Physical access make it unusable in networked systems and many practical situations.
- On detection such devices can easily removed.But a Software based Keylogger can't be removed that easily and it depends on the users privilege level, or how knowledgeable they are about how to gain a higher privilege level.
- Very Expensive.
- Can't take snaps of screen or collect details on active applications.
Detection
 |
| How to connect a keylogger |
 |
By taking a peek behind your system and following your keyboard cable,
you can find out if there is something "odd" inserted between your keyboard
and computer.If you see a device about the size of a AA battery along your
keyboard line, it could either be a filter, which is harmless, or a hardware
keylogger. Look at the device carefully for connectors which would
make it removable. If it appears that the device can be removed from
in between the keyboard and computer, chances are that it is a hardware
keylogger.
To prevent the threat of Trojan Keyboards , make sure that you are using the keyboard that was shipped with your computer, or that you unpacked after purchasing from
a reputable store. If a "friend" offers a new keyboard for free and
they may have an alterior motive, be very cautious! If in doubt,
buy a new keyboard as they're quite inexpensive.While removing these keyloggers make sure to shutdown your system first and then remove it .
What if you really had a keylogger?
After removing the hardware keylogger, you may want to physically destroy the unit to ensure that the data contained within can not be retrieved. Be aware, however, that some hardware loggers can send their data out secretly and do not require physical access after the device was initially planted.
Alternatively, the device may be evidence that you can use in a prosecution should it be a criminal theft. If this may be the case, store the device in a safe place, being careful to avoid contamination of possible fingerprints and contact your local law enforcement for help.
Note : Document prepared from the content of http://spycop.com , http://www.irongeek.com and http://en.wikipedia.org
Comments
