Hardware-Based Keyloggers – Making Identity Theft Easier

Hardware-based keyloggers are making online identity theft an easier opportunity for criminals.  As well, these devices can help anyone wanting to discover or monitor your online activity.  It is important you are aware that these devices exist in order to take appropriate precautions regarding your personal sensitive information.

What Is A Hardware-Based Keylogger?

Hardware-based keyloggers are some form of hardware circuit attached between a keyword and computer used for logging keystrokes.  The circuit records or logs all keystroke activity in its memory.  The keystroke information can be later retrieved and used to extract any personal information computer users may have entered while using the computer keyboard.

These devices do not need to be dependent on a computer’s operating system, nor will they interfere with programs running on the computer.  Accordingly, these devices are not detected by the computer’s software.  Similarly, the physical nature of these devices is intentionally innocuous to avoid detection.  While generally an external device, these devices can be installed as part of the keyboard making them more difficult to discover.

Except in the case of wireless hardware keyloggers that can be controlled and monitored remotely, physical access to hardware-based keyloggers is needed twice in order to obtain recorded information.  The device must first be installed and then later retrieved.  As a result, keyloggers present some risk to potential thieves (or anyone else wanting to monitor keystroke activity – like a spouse).  Physical access to the device is needed while in the meantime the device can be discovered.  Law enforcement can become aware of a keylogger and then monitor the computer’s physical location to ascertain who planted the device.

What Does This Mean For You?

While you might not be a criminal (let’s hope not), you might find value from the services provided by a hardware-based keylogger.

With the prevalence of identity theft, you need to be careful about your public computer use.  For example, you are probably better not using publicly accessible computer devices to login to site requesting personal information (e.g., banks or social media sites like Facebook).

If you are really cautious, you might look at where your keyboard hooks into a public computer to see if any unnecessary device is present.  As explained earlier, these devices are innocuous and not easy to identify, so this effort might not be foolproof.  Also, you might not have visual access to see where a keyboard connects to a public computer removing this opportunity to protect yourself.

If you need to use a public computer to login to a website, you might try staggering your login keystrokes.  Open a notepad text file on the screen and bounce back and forth between the login screen on the website and your notepad document typing the characters of your password.  When you type on the notepad document, type random characters unrelated to your password.

There is no fail-safe way to protect yourself from keylogging or online identity theft, but you can be cautious.  Awareness of hardware-based keylogging is important so you can take cautious preventive measures to protect your personal information.  Conversely, you might find some benefit from using one of these devices (for ethical reasons of course).