Keyloggers–How they Work, How to Detect they and Safety Measures against them

Keyloggers–How they Work, How to Detect them and Safety Measures-An action  recording the key board strokes of a remote computer or preparing the log of the key board hits of a remote computer without his knowledge is termed as keylogging or keystroke logging. Both hardware and software are used for Key logging but use of a device for keylogging is rare and software is mostly used for this purpose. Keylogging is being for both legitimate or illegal purposes.

Keyloggers–How they Work, How to Detect it and Safety Measures

Hardware Based Key Logging

Keyboard Overlaying

This is mostly used for ATM data theft placing a keypad over it by the criminals. The device is designed and placed in a way that it looks like an integral part of the ATM so that the customers do not recognize it. Each key pressed by the user or customer on ATM’s key board is simultaneously recorded by the criminal’s keypad.

Wireless KeyBoard Key Logging

This type of Key Logging intercepts data transferred from a wireless keyboard and it’s receiver. This is called the passive sniffing. All the data transferred are always in an encrypted form hence this may need to be cracked beforehand if the transmissions are to be read.

Firmware based Keylogging 

In this method the Basic Input Optput System need to be modified and root level access to the machine is required. A hardware specific software is also needed to be loaded in The BIOS.

Acaustic Key logging

Each key on a key board has it’s own unique signature. This signature is used to monitor and acoustic crypt and analysis and it is possible to identify the signature of the key strokes. Some stastistical method like frequency analysis may be involved.

Optical Surveillance Key Logging

This method is mostly used to capture PINS and pass words in a bank’s ATM. A camera is used and placed strategically or hidden some where in side the ATM which watches and records each and every event of entering PINs or Pass words by the users.

Electronic Emission Key Logging

A key board while working emits electro magnetic waves and this electromagnetic wave can reach upto 20 meters(65 Feet) in each side without any type of physical wire or connection. These data can be easily intercepted in a 65 feet radius using a wide band receiver.

Software Based Key Logging

Kernel Key Logging

In this key logging method a software is used to hide and gettiting the root in the operating system it self and resides there as if a part of the operating system. It always go through the kernel and constantly intercepts the key strokes of the key board. It is difficult to detect for the user mode applications who do not have access to root.

API Key Logging 

In this Key Logging method The key Logger registers himself as if it was a part of the software and hooks key board Application Programming Interface while the application is running and each time a key on the key board is presses and released, the key logger automatically receives a signal.

Packet Analyzing Key Logging

The packet analyzing key logging works on non https connections only. The creation of https was in fact to combat the packet analyzing only. In this method only the unencrypted traffic is targeted.

Writing Process Research key logging

The writing process research key logging is used in a variety of contexts like professional or creative writing or any expert writing in any specialized area or domain of high standard educational institutions may be targeted.

Memory Injection Key Logging

This technique is used by malware writers to bypass windows user account control. Key Loggers alter browser bases memory tables by patching memory tables or directly injecting into memory. Though non window users remain protected.

Hypervisor Key Logging

A malware Hypervisor is used in this method. It remains hidden under the Operating System and remains untraceable.

Form Grabbing Key Logging

Form Grabbing Key Logging records form submissions at the time of it’s final submission by the user while he clicks the submit button. Like, “submit”, “OK”, “Go” etc. or any other action of the user which indicates that he has finished and before passing the data over the web, it is recorded with the Key Logger.

Remote Access Key Logging

These key loggers operate from a distance but their target is data recorded locally. For this a remote communication need to be established which they achieve by periodically uploading data on a website or File Transfer Protocol server, Emailing to a predefined address, wirelessly transmitting to a hardware attached. They are a real threat because they can bypass the https.

Detection and Protection from Key Loggers

1. Use a standard anti-virus which is capable to detect potential malicious software 

2. Use an anti keylogger software specifically designed to detect keyloggers on a computer because as anti keyloggers have been designed specifically to detect keyloggers, and are more effective than conventional anti virus software.

3. Proactive protection will protect the system against new ,modifications of existing keyloggers. 

4. Use a virtual keyboard or a system to generate one-time passwords to protect against keylogging software and hardware. 

5. Reboot your computer with a CD or a write protected USB drive properly updated and free from malware. 

6. Use reverse firewall to alert when an application attempts to make a connection. 

7. Use Automatic form fillers to remove the requirement of filling personal details and pass words to avoid key stroke monitoring by a key logger.

8. One Time pass word may be a measure for key logger safety because the pass word expires once used or on expiry of a certain time.

9. Use virtual key boards because each time you open the key board, the position of the keys is changed automatically. 

10. Key Stroke Interface Software may also prove some helpful. 

11. Voice recognition Software may be very useful because there is no key strokes, typing or any key board action involved.