What is 'Keyboard Logger'

A keyboard logger is hardware or software that records every keystroke on a computer, usually for nefarious purposes and without the user’s knowledge. Keyboard loggers can be used to collect all kinds of sensitive information, including personally identifiable information (PII), passwords, intellectual property, and trade secrets. They can also be used to record email messages, online chats, usernames and passwords.

BREAKING DOWN 'Keyboard Logger'

Keyboard loggers are often used for criminal purposes, like stealing passwords or credit card information from the device users. However, some companies may use keyboard loggers for legitimate IT purposes, such as trying to prevent sensitive company information from being leaked. They can by organizations to troubleshoot technical problems with computers and business networks; they can also be used by a business to monitor the network usage of people without their direct knowledge; and they can also be used by families as part of parental controls.

Keyboard Logger Capabilities 

When installed on a device, keyboard loggers can:

  • save any passwords entered by users on the device
  • take screenshots of the device periodically over time
  • capture logs of all instant messaging conversations and sent emails 
  • save a copy of the computer user's web search history 
  • save a copy of the list of the applications used
  • automatically send the reports containing stored logs and emails 

Examples of Keyboard Logger Attacks

A hardware keylogger can be a barely noticeable device that connects the hard drive’s USB port to the keyboard’s USB cord. This type of keyboard logger was used to commit a serious crime in 2013. A county sheriff installed a keylogger on his ex-wife’s work computer because he wanted to capture her information. If he got caught – and he did – his action would have been a problem regardless of where she worked, but since she worked for the state supreme court, he was found guilty of a federal wiretapping charge.

Another example of a hard-to-detect keyboard logger came out in 2014. KeySweeper is a $10 device that looks like a typical USB phone charger but can pick up keystrokes from the radio signals transmitted by wireless Microsoft keyboards and transmit that data via cellular network. The logger doesn’t interact with the computer itself, making it difficult to detect. A wireless keyboard would have to encrypt the data transmitted between itself and the computer to prevent this type of sniffing attack. A keyboard that uses the Advanced Encryption Standard (AES) would be protected against this type of threat. While AES keyboards are not foolproof, they help deter data theft by using firmware that blocks access to the keyboard’s secret encryption key as well as random data generators and unique transmission identifiers.

Example of Using Keyboard Logger Positively 

Windows 10 has a feature that some news outlets have erroneously reported as a keylogger. It’s a setting that is enabled by default but that users can turn off in their privacy settings. It says “Send Microsoft info about how I write to help us improve typing and writing in the future.” Further in the “speech, inking, & typing” section of Windows 10’s privacy settings, there is an option to allow or disallow Windows and Cortana to “get to know your voice and writing to make better suggestions for you,” which includes collecting your typing history. Microsoft says these features are used to improve consumers’ experience with using Windows. It is not designed to collect personal information or to use it for malicious purposes but to improve product development. Microsoft uses safeguards to protect users’ information collected through these means.

That being said, accidental disclosure of collected information is possible, and users who are concerned can easily opt out. Nefarious keyboard loggers do not tell users about their existence or allow them to opt out.

RELATED TERMS
  1. Threat Modeling

    Threat modeling is evaluating what needs to be protected in the ...
  2. Encryption

    Encryption is a means of securing digital date using an algorithm ...
  3. Cybersecurity

    Cybersecurity refers to the measures taken to keep electronic ...
  4. Bait Record

    A bait record is a piece of false information seeded into a dataset ...
  5. Two-Factor Authentication (2FA)

    Two-factor authentication (2FA) is a second layer of security, ...
  6. Blockchain Wallet

    A blockchain wallet is a digital wallet that enables users to ...
Related Articles
  1. Investing

    A First Look at Microsoft's Eye Control

    Microsoft is testing new technology for Windows 10 that lets users control the OS with their eyes.
  2. Investing

    Top 10 Biggest Mobile Apps of 2016

    These 10 useful mobile applications allow users to perform business- and personal-related tasks from anywhere at any time
  3. Insights

    Detailed Ways to Protect Digital Data

    Knowing how to protect digital data has become a big concern these days. Here are four easy ways to keep your personal information safe.
  4. Tech

    Cybersecurity: Stay Safe Online With These Tips

    No one can guarantee that any of us are 100% safe from cyber and identity related crimes, but we can make ourselves less of a target. Here's how.
  5. Tech

    Passwords Are Obsolete, Get With the Blockchain

    Blockchain technology could provide a better alternative to memorizing long, confusing, and easily forgotten passwords.
  6. Personal Finance

    4 Best and Safest Password Manager Apps for 2016

    Find out which password managers are the best at keeping your passwords secure while managing critical data you use in your daily digital life.
  7. Tech

    Common Cybersecurity Threats and How to Protect Yourself

    With all of the ways hackers can steal your identity and personal information, it's important to protect yourself.
  8. Investing

    Intel Chip Flaw Lets Hackers Access Windows Devices Remotely

    Intel disclosed a new security flaw that enables hackers to access Windows PCs, servers and laptops remotely without the need for a password.
RELATED FAQS
  1. Who are Microsoft's (MSFT) main competitors?

    Are you investing in Microsoft? Learn the main competitors of technology giant Microsoft and the stiff competition facing ... Read Answer >>
Trading Center