Keylogging Definition

A device or software that records keystrokes entered by a user, usually to secretly monitor and/or maliciously use this information.

A keylogger is a tool that captures and records a user’s keystrokes. It can record instant messages, email, passwords and any other information you type at any time using your keyboard. Keyloggers can be hardware or software.

One common example of keylogging hardware is a small, battery-sized device that connects between the keyboard and the computer. Since the device resembles an ordinary keyboard plug, it is relatively easy for someone who wants to monitor a user’s behavior to physically hide such a device in plain sight.

As the user types, the device collects each keystroke and saves it as text in its own miniature hard drive. At a later time, the person who installed the keylogger must return and physically remove the device in order to access the information it has gathered.

Another type of keylogging hardware is the wireless keyboard sniffer. Wireless keyboards have become very common for their convenience and long range of up to 100 meters. A hacker can design hardware to sniff data sent from a wireless keyboard to the receiver because the encryption can easily be cracked.

Still another type is firmware-based. The firmware on the keyboard and your machine is used to handle keystroke events. The firmware can be hacked to record keystrokes as they are processed.

A software keylogger can be downloaded and installed as a program running in the background. Software keyloggers may also be embedded in spyware, allowing your information to be transmitted to an unknown third party over the Internet.

Several types of software-based keyloggers exist. With a core OS-based keylogger, the malicious software resides in the core of the operating system (the kernel) that you are running. Whenever you press a key, the core processes it, and a core OS-based keylogger can tap into this processing and log the input. A keylogger based on this approach can be embedded in the keyboard drivers or introduced by hacking into them. These keyloggers are extremely powerful: they are very difficult to detect at first and even more difficult to remove without harming the drivers and causing your computer to malfunction.

A hook-based keylogger takes advantage of a facility that an operating system typically provides and to which legitimate applications can subscribe in order to read keystrokes. The hook-based keylogger hooks itself to this facility and simply records the keystrokes.

There are also browser-based keyloggers, which are able to bypass HTTPS encryption. When you click a ‘Submit’ button on a webpage or click ‘Send’ on an email, text is transferred. These keyloggers record the text inside the browser, before it is encrypted and passed over the Internet.
