In today’s Cyber world, most of the threat variants that we
keep hearing about are pretty much Phishing and Ransomware. But as these have become the prominent ones
of today, don’t forget the old-fashioned ones still linger around.
These are the Trojan Horses, Worms, Viruses, etc. But there is still one that we hardly hear
about: The Key Logger. You may be asking at this point what exactly is
it? Well, it can be technically defined as
follows:
“Keyloggers are a particularly insidious type of spyware that
can record and steal consecutive keystrokes (and much more) that the user
enters on a device. The term keylogger, or "keystroke logger," is
self-explanatory: Software that logs what you type on your keyboard. However,
keyloggers can also enable cybercriminals to eavesdrop on you, watch you on
your system camera, or listen over your smartphone's microphone.”
So simply put, it is a malicious payload that is deployed
onto your computer – it records each and every keystroke that you make. The Cyberattacker uses this primarily to
capture your login and password information.
Of course, they could even record a conversation that you are having and
use that to launch an extortion style attack, but without the Ransomware
component attached to it.
The question often arises if they are legal or not. Technically, they are not illegal, but it
depends upon the activity in which they are engaged in. For example, if you are a remote worker, your
employer could very well deploy a keylogging software to keep an eye on you to
make sure you are doing work related activities. But, if the Cyberattacker is engaging in it,
then by all means, yes, it is illegal.
But the history of keylogging goes back far than even Phishing
ever did (its first notable attack was on the AOL subscriber base in the late 1990s). Believe it or not, the first piece of
keylogger came out in the 1970s. This
was actually used to spy on electric typewriters.
This was developed in the Soviet Union by scientists, during
the peak of the Cold War. At the time,
ti was called the “Selectric Bug”, and more information can be found here on it
at this link:
But of course now, in today’s digital world, keyloggers have
become extremely stealthy and also covert.
You simply do not know when it has been deployed onto your device or
computer. So now, here are the following
major types of keyloggers:
1)
The USB keylogger:
Ye, you got it. Those portable storage devices that you use, such
as the USB ones, can also consist of a keylogging software, which nobody knows
about. So, once you insert it, that
malicious payload will be deployed onto your computer.
2)
The Acoustic keylogger:
Believe it or not, the way that
click on your keyboard resonates with a unique sound. The keyloggers of this type can record this,
and even recreate an entire document from it.
A study on this was conducted by UC Berkely, and in one instance, they were
able to recreate 96% of the content of a document. More information about this can be seen at
the link below:
https://newsarchive.berkeley.edu/news/media/releases/2005/09/14_key.shtml
3)
The Electromagnetic keylogger:
Yes, even your keyboard can emit faint
electromagnetic charges. More technical
information about this can be seen at the link below:
https://vimeo.com/2007855?pg=embed&sec=2007855
4)
The Smartphone keylogger:
If the Cyberattacker can break into
your smartphone, it will be quite easy for them to use the sensors on it to
launch a keylogger onto it. Research has
shown that the accuracy rate of this can be as high as 97%.
5)
The Software keylogger:
This is probably the most “famous”
one out there, and has been used for the longest time. These often appear as Trojan Horses, or can even
be deployed if you click on a malicious link.
That is why is why it is also imperative that you do not click on web
advertisements when you are in your web browser.
My Thoughts On This:
Keylogging software can also be used for ethical purposes as
well, especially when it comes to developing new products and services, in an
effort to enhance the end user experience.
It can also be used to detect gaps and vulnerabilities in the source code
of a software application.
Now you might be wondering, how can you protect yourself
from getting a keylogger? Well just
practice good Cyber Hygiene. It will
never eliminate the risk in its entirety, but it will for sure mitigate it. And
always keep your smartphone updated with the latest patches and upgrades.
No comments:
Post a Comment