What do they look like?

Hardware keyloggers can be hard to spot. They are typically small and can be plugged into the back of a computer, unseen. They often look like a USB flash drive or a keyboard connector. They are easily found online; even Amazon has several them. If you see any device plugged into a computer that is not yours, consider this a red flag. While there is a good chance the device will look like one shown in the link or below, there are others out there.

Why are they legal?

While they may be useful in fraud and identity theft, they do have valid uses. In testing software, knowing exactly what a user did is useful to programmers. That can effectively pin-point a problem in code. Employers can use them to monitor the progress and productively of employees. Some manufacturers advertise them as a form of backup, keeping each page you write even if the power goes out. While arguments can be made that they are more often used for nefarious reasons, in the right hands, they are a useful tool.

Have they actually been found on public computers?

Yes. Earlier this year, there was a case where hardware keyloggers were found on library computers in Manchester. In three separate locations, the devices were found plugged into public access machines. The type used here was the kind that looked like a USB flash drive. Authorities advise greater vigilance, especially for the employees, but users need to be alert too.

It should be noted that it is generally unwise to use public computers for sensitive data. E-mail, banking sites, and credit card use should be avoided when on these computers. If you have to use them, here are some tips. Ask how the computers are protected. Do they block software installation? Are they wiped on reboot with software like Deep Freeze? If so, could they restart the computer for you (wiping out most software keyloggers)? Always use a secure connection (https) when possible, and be alert to your surroundings (e.g. watch those around you, know what is connected to the PC). This still is not as safe as a home computer running a live CD, but there is not much more you can do.

What do I do if I find one on a work computer?

It should go without saying that you should contact IT and your manager immediately. Should you remove it? Ask. If the company owns a PC, they can install a keylogger on it. What is deemed notification (if required) can vary by state and country. Typically, a software keylogger would be more conventional, so a hardware one is suspect. Chances are that it was planted, but if that is the case, then it is evidence. Physical and digital forensic information can be gathered. Let someone responsible for and trained for this handle it.

Should one of these devices be found on a server, the problem is much more severe. It highlights a lack of physical security. A strong firewall, good anti-virus software, proper permissions, and complex passwords will not protect you from a trick like this.

The Point: Awareness

The point of this article is to be aware of the existence of these deices. They do exist, but they are not commonly seen. If you do see one on a computer, let someone know. Chances are they are not supposed to be there. While they are legal to own, it is illegal to install them on computers for public use or on systems someone does not own.

The theory that keyloggers can be defeated with onscreen keyboards is unfortunately a computer security myth. It is definitely true that some keyloggers, especially those that only record the keys that the user enters on the computer computer keyboard, can be defeated with onscreen keyboards.

There are however advanced keyloggers which make a screenshot of the onscreen keyboard while it visible on the computer screen and which record the mouse movements on the system. It is then a matter of simply reconstructing the mouse movement to know exactly what a user typed on a computer system.

There is only one 100% way of defeating keyloggers and that is to not use computer systems for sensitive information. That’s not always practicable and it is possible to reduce the chance that keyloggers are installed by running good antivirus programs.

The chance that your home system is infected by a keylogger is rather slim especially if you are a careful user with some basic computer security knowledge. The real danger lies out there in the real world and they go by the name public computers. There is no way normally that you can check if a public computer is running a keylogger in the background or another type of nasty virus or trojan that records your computer activity.

Safekeys is a small software that does not need to be installed which makes it an ideal application for such situations. It displays a virtual keyboard on your screen and you can use the mouse to type the asterisked password in. It supports all the chars that are normally located on a real keyboard.

The so created password is displayed in the Safekeys software and you have to mark and drag and drop it to the password field on the website or application that you want to use.

Keyscrambler for Firefox is a add-on that encrypts the keystrokes and decrypts them in the browser. This ensures that the keyloggers can only log the encrypted keystrokes which protects the original data. Every time you enter data in a sensitive area a overlay is displayed which displays the encrypted keystrokes. The data is of course encrypted and entered correctly in the form to ensure that you can use the service as usual.

This add-on seems to be only working with Windows because it installs some additional files during the installation of the add-on which open a normal windows installation dialog. I did not experience the troubles that some of the comments described at the Mozilla website. The add-on is running fluently without complications.

Update: KeyScrambler has been discontinued. The Keylogger Beater add-on for the Firefox web browser is an alternative.

Well, there is another possibility which means more work for the user: Onscreen Keyboards. Microsoft Windows comes preinstalled with an onscreen keyboard, open up the run dialog and enter osk.exe.

An application looking similar to the above will appear. You can now click on a symbol and it will appear in the form. This is great if you suspect that someone could log what you are typing. It´s a good way to enter a password relativly safely. This is of course not 100% foolproof.