Keylogging “is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that the person using the keyboard is unaware that their actions are being monitored”. It can be done with software or hardware, and can have malicious intents or for be used for things like human research.
There are many different kinds of software keyloggers.
- Hypervisor-based: Layer of malware that can run underneath the operating system and exist as a seperate virtual machine to capture data.
- Kernel-based: A program running on the computer requests root access in order to intercept keystrokes that pass through the kernel. This type of keylogger is very hard to detect and can take control of hardware.
- API-based: This type of keylogger registers when certain keys are pressed through APIs and records them.
- Form grabbing based:This type of logging is done when a user enters data into online forms, and the keylogger saves them before they are transmitted over the internet.
- Memory injection based: This type of keylogger alters data tables in the browser and other system functions.
- HTTP Packet based: This is done by capturing network traffic based on HTTP, which can be used to recover unencrypted passwords.
- Remote Access based: These are keyloggers that can offload data to a remote location through hardware, online server, or an email address.
A software keylogger program.
While software keyloggers are powerful, hardware keyloggers can be embedded within the keyboard itself or as an external device that is hard to detect. There are also various kinds of them.
- Firmware-based: This is very low level BIOS firmware that is designed specifically for the hardware it’s running on to capture keystrokes.
- Keyboard hardware: This can be done with an embedded circuit, or with and external inline device between the computer and keyboard.
- Wireless keyboard and mouse sniffers: This is done by cracking the protocol used to transmit the data wirelessly to read data or even enter commands remotely.
- Keyboard overlays: This technique is often used at ATMs to capture card PIN numbers. It is designed to blend into the machine’s design.
- Acoustic keyloggers: This is a very advanced method that requires listening to the sounds that a keyboard makes in order to identify keystrokes.
- Electromagnetic emissions: This is an attack that can capture emissions to see keystrokes from a distance.
- Optical surveillance: This is a strategically placed camera, in order to capture keystrokes and pin numbers.
This is a hardware keylogger designed for PS/2 and USB keyboards.
As you can see, keyloggers are very dangerous and you should be aware of what websites you visit and any suspicious software. You should also check your computer for hardware loggers if you work in an office or environment with many other people.