We always think of hackers as computer experts that manage to get into toughest systems with couple key strokes instantly. Well, in reality that is not the case. In the world of key logging, it takes time and patience for your attack to bear fruit. Today, I will be talking about key logging and how it can be avoided. First let’s start off with defining what key logging is.
Keystroke Logging: “is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that the person using the keyboard is unaware that their actions are being monitored. Data can then be retrieved by the person operating the logging program.”
Second, I will explain the concept of key logging and how it can be used to steal personal credentials. And finally I will help you out in protecting your system from such attacks.
How Keyloggers Works:
Keyloggers can be in two forms: software and hardware. Each have their pros and cons depending on the victim and the environment. Let’s start off with talking about the software keyloggers. They are programs that secretly log or listen to your key strokes. They are easily available online and can be installed instantly. There are numerous reasons why people install keyloggers on their systems at home or at work. For example, employers want to track what their employees are doing during work time or parents can track their children’s activity at home. There is a boundary between ethical and unethical key logging. But today we are focusing on unethical key logging that is intended to harm or steal information. Look at an example below. A user is browsing the web unaware that a key logger is recording their key strokes.
With such simplicity, hackers can get all of your sensitive information and do anything with it. This basically is how software based keyloggers work. There isn’t much more to it. Now let’s talk about hardware based key loggers which are much tougher to spot. Hardware based key loggers are usually in the form of typical USB drives or port extensions.
What hackers do is they connect a keylogger to your keyboard and then to your PC. This way, all the input that is sent from the keyboard passes through the keylogger where it is stored and then to the PC. The only way to access the hidden information on this device is by using a secret three key combination the owner has setup. It is hard to detect such devices from within the system as they do not show up as external devices of whatsoever. If your computer is positioned in a way that it is hard to visually inspect the port, then you are at higher risk of having such device plugged.
How To Protect Yourself:
There are various way to protect yourself from losing personal credentials to hackers. Below is a list of different programs/settings you can use to your benefit to avoid falling victim.
- Antivirus programs that can detect key logging software. (Software)
- Use 2FA and one-time password authentication. One you enter your typical password, have the system send you a SMS code to your phone. This was, if they steal your password it is useless to them without the SMS codes you receive. (Software and Hardware)
- Use virtual keyboard or on-screen keyboards. They are untraceable by keyloggers. (Software and Hardware)
- Visually inspect your computer if other people have access to it. Know what is connected and where. (Hardware)
- Limit administrator privileges to prevent unauthorized users installing malicious programs.
This concludes today’s topic. Stay safe and remember to inspect your computers well.