Hardware Keyloggers: Complete Guide to Hardware Keylogging and Detection!

This is our Diwali special post. Wishing you all a very happy and prosperous Diwali! Today we are going to look at hardware-level keystroke logging, a recent threat that all of you should be aware of.



Keystroke logging aka Keylogging

It's a recent buzzword among script kiddies. Keystroke logging (often called keylogging) is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. There are numerous keylogging methods, ranging from hardware and software-based approaches to electromagnetic and acoustic analysis.

Types Of Keylogging

1. Software Based:
[Image: A sample log file of a keylogger]
  • Hypervisor-based: The spyware resides in a malicious hypervisor (VMM) running underneath the operating system.
  • Kernel-based: Such spyware is often coupled with rootkits and works at the kernel level. It is very hard to detect.
  • API-based: Here the program hooks the keyboard API; the operating system then notifies the keylogger each time a key is pressed, and the keylogger simply records it.
  • Form grabbing based: Form grabbing-based keyloggers log web form submissions by recording the web browser's onsubmit event functions.
  • Packet analyzers: This involves capturing network traffic associated with HTTP POST events to retrieve unencrypted passwords.
  • Remote access keyloggers: These are local software keyloggers with an added feature that allows access to the locally recorded data from a remote location.
2. Hardware Based Keyloggers 
Hardware-based keyloggers do not depend upon any software being installed as they exist at a hardware level in a computer system.
  • Firmware-based: They work at the BIOS level.
  • Keyboard hardware: Hardware keyloggers are used for keystroke logging by means of a hardware circuit that is attached somewhere in between the computer keyboard and the computer, typically inline with the keyboard's cable connector.
  • Wireless keyboard sniffers: These passive sniffers collect packets of data being transferred between a wireless keyboard and its receiver.
  • Keyboard overlays: Criminals have been known to use keyboard overlays on ATMs to capture people's PINs. Each keypress is registered by the keyboard of the ATM as well as the criminal's keypad that is placed over it.
  • Acoustic keyloggers: Acoustic cryptanalysis can be used to monitor the sound created by someone typing on a computer. Each key on the keyboard makes a subtly different acoustic signature when struck.
  • Electromagnetic emissions: It is possible to capture the electromagnetic emissions of a wired keyboard from up to 20 metres (66 ft) away, without being physically wired to it.
Out of these we are worried about hardware keyloggers :-)

Hardware keyloggers often come in two versions:
1. As small devices about the size of an AA battery that are plugged in-line with your keyboard.
  • PS/2 Type
  • USB Type

2. As a keyboard with an internal keylogger, or Trojan Keyboard.



Places where these devices could be present

These devices could be on almost any shared computer, like the ones in libraries and cafes, and even some companies have started using keyloggers to monitor the usage statistics of workers. Use of such devices for parental monitoring is an accepted practice.

Possible Hazards

I think the vulnerability depends on the seriousness of the work. Suppose you are surfing the internet for homework assistance or assignments, etc.; then you are less vulnerable. But if you are doing some serious job, like something work-related, or you are logging into some web account, then I'll say that you are vulnerable.

Advantages of Hardware Keylogger
  1. Most software keyloggers are detected by anti-malware apps. Depending on which software package is used, the anti-virus system will likely detect the keylogger and remove it, or at the very least report it to the user. Hardware keyloggers, on the other hand, are very hard to detect without physical inspection.
  2. Some of the good ones out there load before your OS and can log even BIOS passwords.
  3. Hardware keyloggers can support logging of almost any OS, as long as the keyboard is a fairly standard USB HID (Human Interface Device). Windows, Linux, Mac OS X - it makes little difference to a hardware keylogger.
Disadvantages 
  1. The need for physical access makes them unusable in networked systems and many practical situations.
  2. On detection, such devices can easily be removed. A software-based keylogger, by contrast, can't be removed that easily; it depends on the user's privilege level, or how knowledgeable they are about how to gain a higher privilege level.
  3. Very expensive.
  4. Can't take snaps of the screen or collect details on active applications.

Detection
[Image: How to connect a keylogger]

By taking a peek behind your system and following your keyboard cable, you can find out if there is something "odd" inserted between your keyboard and computer. If you see a device about the size of an AA battery along your keyboard line, it could either be a filter, which is harmless, or a hardware keylogger. Look at the device carefully for connectors which would make it removable. If it appears that the device can be removed from in between the keyboard and computer, chances are that it is a hardware keylogger.

To prevent the threat of Trojan Keyboards, make sure that you are using the keyboard that was shipped with your computer, or one that you unpacked yourself after purchasing it from a reputable store. If a "friend" who may have an ulterior motive offers you a new keyboard for free, be very cautious! If in doubt, buy a new keyboard, as they're quite inexpensive. When removing one of these keyloggers, make sure to shut down your system first and then remove it.

What if you really had a keylogger?

After removing the hardware keylogger, it is vital that you change all your passwords as they may have been compromised.  Think about your online banks and other services where personal information may be at risk and contact them to let them know that your data may have been stolen.

After removing the hardware keylogger, you may want to physically destroy the unit to ensure that the data contained within cannot be retrieved. Be aware, however, that some hardware loggers can send their data out secretly and do not require physical access after the device was initially planted.

Alternatively, the device may be evidence that you can use in a prosecution should it be a criminal theft.  If this may be the case, store the device in a safe place, being careful to avoid contamination of possible fingerprints and contact your local law enforcement for help.

Note : Document prepared from the content of http://spycop.com , http://www.irongeek.com and http://en.wikipedia.org
