Keystroke Logging

What is Keystroke Logging?

Keystroke logging is an attack in which hackers break into a victim’s device and install monitoring software that tracks and stores keyboard inputs. The hacker hopes to capture passwords, credit cards, and other personally identifiable information.

While these attacks typically are for nefarious purposes, law enforcement and government intelligence agencies have used keystroke logging for legitimate surveillance purposes. Some developers use keystroke logging for testing purposes as well.

Keystroke logging can be considered a “secondary” attack vector. The attacker must first use another method to break into the server, such as brute force or a dictionary attack. From there, the hacker might trick users or devices into downloading new software which contains the keystroke logger. The software can also be unwittingly installed via malware that infects a user’s device. 

How Keystroke Logging Works

Getting keystroke logging software on the victim’s computer is vital to the success of the attack. The most common method is to trick users into thinking the download is legitimate. Hackers might disguise the keystroke logging software as a “critical” software update or new required software.

After the user installs the keystroke logging software, the hacker can see everything they type, even in real-time. However, most keystroke logging attacks include hundreds (if not thousands) of accounts, so the keystroke logging software stores the data captured in a central location.

Since this data isn’t encrypted, the attacker can see everything the victim typed—even if they’re visiting a secure website or network folder—it is encrypted as it’s sent over the network, not before. As a result, it’s easy to steal all kinds of personal information.

While keystroke logging attacks primarily include installing malware, some attacks are carried out by installing a device between the computer and the keyboard. These are far less common since they require the attacker to install actual hardware on the target device.

Examples of Keystroke Logging

Some common real-world examples of these types of attacks are:

  • An attacker uses a phishing email saying there is a critical update that employees must download to continue accessing the company’s online services. Fooled, several employees download and install the malware, allowing the attacker to steal company data by monitoring usernames and passwords.
  • As part of a criminal investigation, law enforcement receives court approval to install physical keyboard logging hardware on a suspect’s computer. Here, the keystroke logging attack is used to try and obtain incriminating information on the suspect.
  • An attacker gains access to a computer network through another attack vector, redirecting users to a spoofed web page for a legitimate software download. While users think they’re downloading the software, it’s instead a hacked copy that includes a keystroke logger.

How to Protect Against a Keystroke Logging Attack

Protecting yourself from keystroke logging attacks is relatively straightforward if you follow these guidelines:

  • Eliminate passwords: The ONLY way to ensure the prevention of credential-based attacks is through eliminating passwords. If there is no username and password for the keystroke logging software to record there is nothing for a hacker to steal and no way to gain access to accounts. Learn more about passwordless authentication today and keep your most critical applications secure.
  • Watch what you download: Always verify what you’re downloading is legitimate. Download software only from the developer’s website or through approved channels when on your company’s computer network.
  • Keep security software up-to-date: Antivirus and anti-malware software is designed to look for suspicious network behavior on your computer. This includes the data streams sent from keylogging software. Keeping this software update is critical.
  • Apply security updates for your operating system: It is also important to apply security updates as soon as they’re released. These not only protect you from keystroke logging attacks but plug security holes that hackers could use for other types of attacks.
  • Use a virtual keyboard: Keystroke logging attacks are useless against virtual keyboards because they operate differently (and share input information differently) from physical keyboards.