Keyloggers: types and specifics of keyloggers

A keylogger is a program or device that captures and records all user keystrokes on the keyboard. Depending on the built-in characteristics and operating technology, it can be either removable or remotely operated.

Information security specialists often refer to keyboard spies as keyloggers (from the English "keylogger", literally a "registering device for keys"). They are used both as a legal means of recording user actions and as spyware for stealing secret data.

In this article, we cover the main types of keyloggers, their advantages and disadvantages, and ways to protect against this type of program or device.

Types of keyloggers

The main task of a keylogger is to capture data by tracking actions on the input device, i.e. the keyboard. Any means can be used to accomplish this.

Traditionally, there are two types of keyloggers:
  1. Software. This is spyware that records user actions and sends them to the attacker's device. Most often, it is "delivered" to the device using malicious files or phishing mailings.
  2. Hardware. This is a device that requires physical interaction between the attacker and the victim's device, first to install it and then to remove it.

However, a keylogger is not only a specific device but also a method: an ordinary high-resolution camera with a clear view of the keyboard during use can already be considered a kind of keylogger.

And that is before considering more complex and original ways of reading information. For example, a group of American and Chinese researchers created an algorithm that reads data from the reflection in the glasses of people using 4K cameras.

Equally promising are programs that record keyboard input based on the sounds the keys make when pressed.

Pavel Yashin
Head of the iiii Tech Information Security Service

The world does not stand still, and interception technologies are developing as well. For example, if it is impossible to infect a PC and there is no physical access to it, will the attacker be left without a "prize"? Of course not. After all, you can eavesdrop on the user typing the same passwords on the keyboard: each key has a unique sound, though of course not one distinguishable by the human ear. And yet almost every one of us has a smartphone equipped with a microphone, and many if not all laptops have microphones. Also, audio information can be "read" from the window glass.

Example of an audio keylogger: "Keytap: acoustic keyboard eavesdropping" (C++ and stuff, ggerganov.com) and its further developments, Keytap 2 and KeyTap 3.

Of course, this is an enthusiast-written program. Yes, it only works with English. But, with the right persistence and resources, the same programs can be written for other languages.

To prevent information from leaking over the audio channel, you can use utilities that automatically mute the microphone while typing on the keyboard. In addition to security purposes, they also perform a more prosaic function: automatic elimination of extraneous noise during audio/video conferences.

In fact, a keylogger is any software product or device that can secretly read information about user keystrokes. Its main advantage is its invisibility. Regardless of the type of device or software, its operation does not cause any interference and cannot always be identified by security systems.

Dmitry Kovalev
Head of the Information Security Department at Sissoft

The keylogger always works in hidden mode. Visually, the average user can't detect its connection to a PC in any way: as a rule, there are no obvious markers that allow you to understand that a keylogger is connected to the device.

At the same time, the most popular devices are those that can not only collect and save data, but also broadcast it to an attacker. At this stage, the operation of the devices is most noticeable.

How to detect a keylogger

Keyloggers are most vulnerable when transmitting information. If we talk about hardware spies, then removing them requires the physical presence of an attacker. In addition, such a keylogger can be detected on your own by spotting "adapters" that serve no function, or traces that the device's factory components have been replaced. As a rule, only a dedicated specialist or a person who is well acquainted with hardware can identify a hardware keylogger.

Software keyloggers do not differ much from hardware keyloggers in the context of detection methods. Most often, they come to the attention of security tools at the time of transferring the accumulated data to the attacker's device.

Alexander Bulatov
Commercial Director of NGR Softlab

The average PC user most often encounters software keyloggers. By opening an infected file that came from an unknown recipient, you can install an invisible spy on your computer that monitors and remembers all keyboard clicks. It is almost impossible to detect its presence without special antivirus software. Although even this does not always guarantee 100% detection.

If we talk about corporate information systems, then organizations have more opportunities to detect such malware. A spy keylogger should not only collect keystrokes, but also transmit this information over the network to an attacker. These anomalous network communications can be detected by one or another network security tool that is used in companies. Their diversity provides a kind of layered protection and detection.

At the same time, keyloggers are not always spyware devices and programs. In some specialized complexes and systems, keyloggers perform the function of a flight recorder, a "black box" that records all human interactions with the system. If necessary, this data can be used to investigate certain incidents.

The best way to protect yourself from a keyboard spy is to install the appropriate tools for filtering mail, checking extensions, and downloading files, together with continuous training of personnel in digital hygiene and in methods for detecting phishing emails and links.

Conclusion

Keyloggers, as a group of espionage tools, offer many different ways of solving the same problem. There are many very specific solutions that do not show high efficiency at the moment, but may well take off in the future as the technology itself is refined or its database is expanded.

At the same time, there are also nominally classic methods that are quite effective in cases where it is not possible to study outgoing traffic in detail. A significant advantage of keyloggers of any category is how difficult they are to detect.

Dmitry Islamov
IT Project Promotion Expert

The advantage of a software keylogger is simplicity. These are usually small applications. Because of their small size, they have the simplest possible settings. For novice hackers, this is a great tool.

The disadvantage of a keylogger is the generation of a large amount of garbage data. It records all keyboard and mouse actions. After receiving them, the hacker will have to work hard to decrypt the data.

Hardware keyloggers have a problem installing and removing them — you need physical access to the victim's device and time to perform all the necessary manipulations. In addition, they are limited in the amount of memory of the stored data. But they are not detected by antivirus programs.

The problem of combating keyloggers can be effectively solved if the attacker simply does not find the opportunity to install malware or a device in the company's infrastructure.

Finding malware that has already been stopped in the infrastructure can be much more time-consuming and require an excessive amount of effort. However, this thesis is also relevant for an attacker. After all, even if the data is successfully obtained, the attacker will have to filter through a huge array of data, which may not contain what they were looking for.
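The network-side detection described above (a software keylogger is most visible when it sends its collected data out) can be sketched as follows. This is an added example, not part of the original article: it flags host-to-destination pairs that make small, regularly timed uploads outside an allowlist, and the flow records, host names, allowlist and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows: (epoch_seconds, source_host, destination, bytes_out)
FLOWS = (
    # Allowlisted hourly update check
    [(t, "ws-014", "updates.example.com", 48_000) for t in (0, 3600, 7200, 10800, 14400)]
    # Small upload roughly every 10 minutes to an address nobody has approved
    + [(t, "ws-014", "203.0.113.50", 1_900) for t in (60, 662, 1259, 1863, 2461, 3060)]
    # Irregular interactive traffic with varying sizes
    + [(t, "ws-022", "198.51.100.7", n) for t, n in
       ((100, 52_000), (130, 310_000), (900, 4_000),
        (2500, 97_000), (2600, 1_200), (5000, 640_000))]
    # Too few events to judge
    + [(t, "ws-031", "192.0.2.9", 900) for t in (500, 1100)]
)
ALLOWLIST = {"updates.example.com"}  # assumed list of approved destinations


def find_beacons(flows, allowlist, min_events=5, max_cv=0.1, max_bytes=8192):
    """Return (src, dst) pairs with regular, small outbound transfers.

    max_cv bounds the coefficient of variation of the gaps between
    connections; max_bytes bounds the largest single upload.
    """
    series = defaultdict(list)
    for ts, src, dst, nbytes in flows:
        if dst not in allowlist:
            series[(src, dst)].append((ts, nbytes))

    findings = []
    for (src, dst), events in sorted(series.items()):
        if len(events) < min_events:
            continue  # not enough history to measure regularity
        events.sort()
        gaps = [b[0] - a[0] for a, b in zip(events, events[1:])]
        avg_gap = mean(gaps)
        cv = pstdev(gaps) / avg_gap if avg_gap else float("inf")
        if cv <= max_cv and max(n for _, n in events) <= max_bytes:
            findings.append({"src": src, "dst": dst, "events": len(events),
                             "period_s": round(avg_gap), "cv": round(cv, 3)})
    return findings


if __name__ == "__main__":
    for hit in find_beacons(FLOWS, ALLOWLIST):
        print(hit)
```

Legitimate scheduled telemetry matches the same pattern, so the allowlist and thresholds have to be tuned against the organization's own traffic baseline.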