Why is keystroke logging so dangerous?
Every button you press, they'll be watching you...
Keystroke logging is the process of recording every keystroke made on a keyboard. If you've read about malware, you've probably heard of "keyloggers", the tools used to carry out keystroke logging.
While keylogging has some legitimate uses, such as monitoring work productivity, most of the time it's a serious threat to privacy. Keyloggers can stealthily collect and exfiltrate sensitive data like login credentials, financial information, and private conversations without you ever realizing it.
Thankfully, there are a few different ways to keep yourself safe from keyloggers. Read on and I'll explain more about how keystroke logging works, why it's so dangerous, and what you can do to protect yourself.
What is keystroke logging?
Keystroke logging is a method of surveillance that works by capturing and storing every keypress made on a device's keyboard.
Both computers and mobile devices are susceptible to keystroke logging, even though mobile devices don't tend to have a physical keyboard.
Keylogged information is typically packaged into a text file and sent to the person who set up the keylogger. While there are some cases where the user is made aware that what they're typing is being recorded, in most cases the user remains completely unaware that any surveillance is taking place.
A keylogger can capture anything typed on a keyboard. Basic keyloggers only capture the typed characters, but an advanced one can provide metadata – like when the characters were typed and how long the button was held. This metadata can be correlated with screenshots taken by malware to give a complete picture of what you're doing online and offline.
Keystroke loggers can be classified into two main types: hardware-based and software-based. Both pose serious privacy risks when used maliciously, but they're used in different ways.
Hardware keyloggers
Hardware keyloggers are physical devices that intercept keyboard signals as they travel to a computer.
These loggers are often small and can be hidden inside a computer or keyboard, or connected to a USB port as a passthrough between your keyboard and the computer.
Hardware keyloggers do not require any software installation, making them harder for even today's best antivirus programs to detect. Essentially, the passthrough keylogger acts as a second keyboard so, from the computer's perspective, it's like you're typing normally. The keylogger captures every key pressed and stores this data internally – or transmits it wirelessly to an attacker.
You're unlikely to encounter a hardware logger because they require physical access to the target device – basically, an attacker would need to install the keylogger on the victim's computer directly.
However, you may still encounter hardware keyloggers in public spaces or the workplace. It's far easier for an aspiring hacker to install a small physical device in a place they can gain relatively easy access to. If you find any hardware you don't recognize on your workstation, report it immediately.
Software keyloggers
Software keyloggers are the real problem. Unlike hardware keyloggers, they run on the computer itself in the background, often completely hidden from the actual user.
They're far more common, due to the ease of deployment, and can be installed remotely through phishing attacks or by tricking the user into downloading the software.
A common installation tactic involves social engineering, where the attacker convinces the victim to download a file or click a link in an email.
The keylogger is usually disguised as legitimate software or embedded within a seemingly harmless attachment. Once installed, it runs in the background of the target device, capturing keystrokes without triggering obvious alerts and saving the data to hidden files.
Software keyloggers are significantly more versatile than their hardware counterparts. They're usually bundled with other software that can capture screenshots, track application usage, or exfiltrate files in addition to keystrokes. If you've been infected with a keylogger, you should assume that your whole machine has been compromised.
Why keystroke logging is so dangerous
It's important to remember that not all forms of keylogging are illegal. Some employee monitoring software uses keylogging to ensure that work equipment is used according to an organization's code of conduct.
There are also plenty of tools that allow concerned parents to monitor what their children are typing on their devices. The ethics of these tools is up for debate – but the point here is that there are legitimate keylogging use cases.
The real danger lies in the potential for abuse, especially when keylogging is used to gather sensitive information without the user's consent.
You might be aware you're being monitored on a work computer and act accordingly, but in your private life, there's a bunch of information you wouldn't want a third party to access. You're more likely to type out passwords and banking details there, after all.
A keylogger can capture email addresses you've typed, phone numbers, physical addresses, and a wealth of other personal information shared between you and your friends or colleagues.
When combined, this information can provide a comprehensive profile of a person's online life and behavior. It's bad enough that advertising companies use this data to create detailed user profiles (and serve up targeted ads) – but if you're the victim of a keylogger, there's likely a cybercriminal on the other end exploiting your data for their direct gain.
With keystroke-logged data, cybercriminals can:
- Sell the information on the dark web: there's a booming market on the dark web for stolen login credentials, financial information, and personal data which can all be sold for a profit.
- Commit identity theft and financial fraud: there's a variety of different identity theft attacks a hacker can make using collected data, including opening new bank accounts, applying for credit, or emptying existing accounts.
- Attempt blackmail: targeted incidents of blackmail have been on the rise for the last few years. Essentially, a hacker demands a cryptocurrency ransom from the victim in return for not releasing sensitive information recorded from the device by a keylogger.
- Stalk a victim: a hacker could record and release personal information publicly to harass or endanger the victim. Keyloggers usually come bundled with other malware that can record location-based information to monitor movements in aid of stalking or burglary.
What can you do to avoid keystroke logging?
It’s very hard to get your data privacy back once it’s out in the wild. The best way to mitigate the impact of a keylogger is to prevent keystroke logging in the first place. Here are some essential tips to help you protect yourself:
- Invest in powerful antivirus software: a good antivirus should be one of the cornerstones of your security strategy. Keyloggers all tend to have pretty similar functionality, so even if an antivirus program doesn't detect and block the malware before installation, it'll probably catch it before it starts running.
- Ensure all programs and devices are up to date: while you're more likely to be attacked by downloaded malware, it's still important to ensure your operating system is regularly patched against remote attacks, as well as any software you're running that could be exploited.
- Don't use suspicious or unknown USBs or hard drives: some systems are vulnerable to drive-by downloads via USB sticks. Don't use removable devices from unknown sources, as they could contain hardware keyloggers or malware.
- Don't click on or download attachments from unknown sources: phishing emails often contain links or attachments that install keyloggers on your device. Be wary of unsolicited messages – especially if they're asking you to download files.
- Know what you're agreeing to when installing new apps or software: one of the most common malware installation vectors is bundling with seemingly useful software. You should always check an app's permissions if you can, and block any apps that collect excessive data from your device. There's no good reason why a flashlight app needs access to your contacts, for example.
- Use a password manager to auto-fill password forms: unfortunately, this one only beats hardware-based keyloggers. Copying and pasting a password, or using an auto-filled password, won't cause sensitive keystrokes to be passed from the keyboard. However, a software keylogger will be able to capture all of the data being sent through your computer no matter its form.
- Check your workstation: it's always worth inspecting your desk once in a while to see if something has been plugged into your machine that you don't recognize. It is pretty unlikely, but better safe than sorry.
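A software-side complement to the desk check above, and to the earlier point that a passthrough logger can look like a second keyboard to the computer: this added example (not part of the original article) parses a Linux /proc/bus/input/devices listing and flags USB keyboards that are not in a known baseline. The sample listing, the baseline and the function names are constructed for illustration, and a logger that never announces itself to the computer will not show up here, so the physical inspection still matters.

```python
import re

BUS_USB = 0x03  # BUS_USB in linux/input.h

# Constructed sample in the format of /proc/bus/input/devices (not real data).
SAMPLE = """\
I: Bus=0019 Vendor=0000 Product=0001 Version=0000
N: Name="Power Button"
P: Phys=PNP0C0C/button/input0
H: Handlers=kbd event0

I: Bus=0003 Vendor=046d Product=c31c Version=0110
N: Name="Logitech USB Keyboard"
P: Phys=usb-0000:00:14.0-2/input0
H: Handlers=sysrq kbd event3 leds

I: Bus=0003 Vendor=1234 Product=abcd Version=0111
N: Name="Generic USB Keyboard"
P: Phys=usb-0000:00:14.0-5/input0
H: Handlers=sysrq kbd event7 leds
"""

def parse_devices(text):
    """Turn each blank-line-separated record into a dict of its fields."""
    devices = []
    for block in re.split(r"\n\s*\n", text.strip()):
        dev = {"Handlers": []}
        for line in block.splitlines():
            tag, _, rest = line.partition(": ")
            if tag == "I":      # Bus=... Vendor=... Product=... Version=...
                dev.update(kv.split("=", 1) for kv in rest.split())
            elif tag in ("N", "P"):
                key, _, value = rest.partition("=")
                dev[key] = value.strip('"')
            elif tag == "H":
                dev["Handlers"] = rest.partition("=")[2].split()
        devices.append(dev)
    return devices

def unexpected_keyboards(text, baseline):
    """USB devices with a keyboard handler whose (vendor, product) is not in baseline."""
    return [d for d in parse_devices(text)
            if int(d.get("Bus", "0"), 16) == BUS_USB
            and "kbd" in d["Handlers"]
            and (d.get("Vendor"), d.get("Product")) not in baseline]

if __name__ == "__main__":
    known = {("046d", "c31c")}  # assumed baseline: the keyboard you know is yours
    for dev in unexpected_keyboards(SAMPLE, known):
        print(f'unrecognised keyboard: {dev["Name"]} on {dev["Phys"]}')
```

On a real Linux machine, pass the contents of /proc/bus/input/devices instead of SAMPLE and record the baseline while the workstation is in a known-good state.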
Sam Dawson is a cybersecurity expert who has over four years of experience reviewing security-related software products. He focuses his writing on VPNs and security, previously writing for ProPrivacy before freelancing for Future PLC's brands, including TechRadar. Between running a penetration testing company and finishing a PhD focusing on speculative execution attacks at the University of Kent, he still somehow finds the time to keep an eye on how technology is impacting current affairs.