Hardware key-loggers: What you need to know

By
Tim Bullock
February 20, 2011Posted in: CIO, CIO & COO, key-logger, Security
Key-logger

What is a key-logger?

A key-logger is a small device that connects in-line to a keyboard connected via USB or PS2 style plug. It is small and looks like a ‘fat’ adaptor.

These are small hardware devices that work with no installed software – unlike the software key-loggers that are either installed by virus/malware or yourself to typically monitor your children.

It contains memory that records all the keystrokes of a keyboard – that includes your user name, password and any other details you type. Just imagine all your details being recorded when you logon to your Internet banking website.

The device can be removed later when you are not near the PC and all the captured key strokes displayed.

.

Are they really a risk ?

Most definitely ! Click here for a news story of how they were used in a public library in Manchester UK.

In 2005, Sumitomo Bank in London had multiple hardware key-loggers installed by cleaning staff. The attackers attempted to steal GBP£220m. Read here for further details.

.

Here’s the bad news

  • They can be easily concealed at the back of a PC.
  • They look like a standard USB or PS2 adaptor.
  • They avoid detection by software – this includes ‘end-point security’ type software.
  • They don’t leave any trace of their activity.
  • Even if you have a Citrix/Thin client environment, they still work.
  • They will record all keystrokes made on the keyboard and replay them on demand later.
  • Even if you restrict USB devices with storage capability, a USB key-logger will still function because it is independent of the PC.
  • As long as the keyboard is connected by a USB or PS2 style connector, the key strokes will be picked-up for any operating system running on the PC, Mac or Unix/Linux device.
  • Key-loggers are relatively inexpensive (from around £20) and are readily available.
  • There are now wireless versions available.

.

What can you do?

How to avoid being recorded by a key-logger

  • Firstly, check your PC yourself every time you use it. A quick look at where your keyboard is plugged in – make sure the keyboard lead is plugged directly into a port on the PC.
  • If your PC is in a public place or isn’t yours (for example, in a library or Internet cafe – always check it first.
  • Use an on-screen keyboard for entering sensitive data such as your user name and password. The on-screen keyboard uses a mouse to select characters instead of the keyboard.
  • Use a one-time password device such as SecurID. This means that even if the password is recorded when you enter it, it will have changed on next use, rendering the recording of no value.

How to prevent key-loggers being used?

  • Have a regular visual check of all PC type devices. This won’t necessarily find a key-logger if it is connected and removed between checks, but it is still well worth doing.
  • Educate staff to be vigilant and perform their own visual checks.
  • USB key-loggers tend to show on a PC as a generic USB hub – sometimes a Texas Instruments one. It would be possible to monitor for such changes, but there is no guarantee that all key-loggers will behave in such a way. If you are still using PS2 attached devices, this won’t help you either.

What do I do if I find a key-logger

One option is to set-up a ‘sting’. The key-logger device needs to be retrieved in order to be read. Therefore, keep watch or set-up a webcam to wait and watch for the device to be retrieved.

.

And finally….

Hardware key-loggers are a real risk to you and the business you work for. Be vigilant.


Resources for CIO and COO Professionals

CIOCOO - Resources for CIO and COO Professionals


Remember to bookmark the following ….


For more information, contact E-mail address











For copyright details, refer to http://ciocoo.com/legal/copyright/
For terms of use, refer to http://ciocoo.com/legal/terms-of-use/

© Copyright Tim Bullock 2010


PDF Creator    Send article as PDF to   
Tags: , , ,