Defeating Hardware Keyloggers

Martin Brinkmann
Apr 23, 2006
Updated • May 4, 2013
Security
|
3

You probably read my article about the bank heist in London where the robbers used a hardware keylogger to receive sensitive information that allowed them to perform wireless transfers. The bank made the decision to super glue every cable to the back of the personal computer making it impossible to add the keylooger between the keyboard and the computer after the incident.

Well, there is another possibility which means more work for the user: Onscreen Keyboards. Microsoft Windows comes pre-installed with an onscreen keyboard, open up the run dialog and enter osk.exe. (with the shortcut Windows-r to bring up the runbox).

An application looking similar to the one shown on the screenshot below will appear. You can now click on a symbol and it will appear in the form. This is great if you suspect that someone could log what you are typing. It's a good way to enter a password relatively safely. This is of course not 100% foolproof. What is meant by that? Some keyloggers take screenshots of the computer monitor in regular intervals which may reveal what you are doing even when you are using an onscreen keyboard to avoid using the computer's physical keyboard.

It is also possible to intercept keys that you click on in other ways. While this prevents hardware keyloggers from logging what you enter, it won't prevent a program that is logging all keys send on the system from recording your input.

If you do not want to use Microsoft's on-screen keyboard, you can use free alternatives like Click-N-Type, a free virtual keyboard for your PC that you can use for the very same purpose. It comes as a portable version that you can put on your USB Flash drive to take away with you. This can also be interesting of the Microsoft on-screen keyboard is disabled on a computer you are working on, or if you can't use the run box to launch it.

 

Advertisement

Previous Post: «
Next Post: «

Comments

  1. Josh said on May 24, 2009 at 8:47 pm
    Reply

    I don’t think the on-screen keyboard will really protect you:
    http://en.wikipedia.org/wiki/Keystroke_logging#On-screen_keyboards

  2. Andy Buford said on April 24, 2006 at 4:49 pm
    Reply

    The best way is to just get a USB keyboard. I have never seen a hardware keylogger that wasn’t PS2.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.