Keylogger
What is a keylogger?
A keylogger is a type of software or hardware used to monitor and record keystrokes on a computer or device. A keylogger can be installed and run with or without permission of the device’s user. The output is a readable file, containing everything typed by the device user, that can later be transmitted to another person.
Keyloggers record anything a user types, whether in browsers, programs, or apps. Things like website names, instant messaging conversations, and login information are all collected and stored in files that are then sent to someone else, usually the party responsible for installing the keylogger. Keylogger software may also include the ability to take screenshots and access the device’s camera and microphone.
How does a keylogger work?
A keylogger program runs in the background on a device, intercepting the signals between the keyboard and the device’s processor. It records all keystrokes in the order they’re made, and stores them in a file that another person can read. For example, if you visit your bank’s website, the file will save the website address you type, as well as the login ID and password you enter.
A keylogger can be hardware or, more commonly, software. Keylogger software may be part of a package that also takes screenshots, which can provide more context about what’s being typed and where. It may also gain control of a device’s camera (to watch typing and mouse activity) and/or microphone (to eavesdrop on conversations).
Some software programs can target mobile devices such as phones. They’re able to log touches on the screen, take screenshots, and access the camera and microphone to provide additional information about what the user is doing.
Installing keylogger hardware requires physical access to the device. A small piece of hardware is placed between the keyboard and the device. It may be installed internally, but is often plugged into the back of a desktop computer. Hardware can be installed on public computers, such as in a library or Internet café, to capture the information of unsuspecting patrons. There is no hardware application required to keylog on mobile devices.
Are keyloggers illegal?
Most often, keyloggers are installed for illegal uses. If a keylogger is installed without the permission of the device owner, it’s considered illegal malware. Malware keylogging software may be installed as part of a typical phishing scenario (or other social engineering ploy), where an unsuspecting user clicks a link that downloads malware. In this case, the purpose of the keylogger is to steal personal information. Recording someone’s keystrokes can capture login information like IDs, passwords, and PINs. But it also records anything else you type, including emails, messaging, credit card numbers, social security numbers, and more.
Keyloggers may also be installed by someone who has access to the device, as a tool to spy on another’s activity. A typical spying application is one spouse spying on another. On mobile devices, the keylogger can record text messages, emails, and phone numbers called, or even be paired with software that tracks location. Whether or not this is illegal depends on who owns the device, not necessarily who uses it.
What are legal uses for keyloggers?
Keyloggers are legal if the person who installs the software or hardware is the owner or manufacturer of the device. Businesses can install keyloggers on company laptops to evaluate an employee’s productivity. Software manufacturers may use keyloggers to record users’ interactions with their programs to assess performance or to troubleshoot bugs. Another common legal use is for parents to install a keylogger on a device to monitor their children’s activity.
An additional criteria for keylogger usage to be legal is that the data collected by the keylogger is not used criminally. Explicit clear consent by the user for this data collection is required only where laws demand, which is not commonplace. Laws like GDPR and CCPA can restrict the use of keyloggers in certain situations, or at least return control over the data collected to the user.
What are virtual keyboards? Do they protect against keyloggers?
A virtual keyboard is a keyboard interface on a touch screen or other non-physical input device. They’re common on mobile devices, but also in certain situations on computers with physical keyboards, like accessibility features, or to meet a multilingual need for a different character set. The virtual keyboard appears on the display and is controlled by actions like mouse clicks or scrolling.
For a time, virtual keyboards offered greater security against keyloggers, as virtual keyboards use different input channels than physical keyboards. Existing keylogger programs that focused on physical keyboards did not access the activity of virtual keyboards. But as virtual keyboards grew more common, keylogger programs became more sophisticated. They’re now able to intercept the communications between the virtual keyboard software and the operating system, as well as take screen shots to record each mouse click or finger touch. So the advantage of virtual keyboards has waned—they’re no longer reliable defenses against keylogger malware.
How do I tell if a keylogger is on my device?
A keylogger is harder to detect than regular malware because it doesn’t usually affect performance, although it can be downloaded along with other malware that does affect performance. Inferior versions might be detectable by subtle indicators like odd or slow response when typing or using a mouse. Although unusual, they may also reveal themselves by the resources they use, like CPU or memory.
If you think a keylogger is running on your computer, you might be able to spot it in task-manager screens. For example, a task manager startup screen might list all programs that run on startup. If something looks suspicious, you can disable it there.
How to protect yourself against keyloggers
Since keyloggers are so difficult to detect, the best thing you can do is to defend against installing them in the first place:
- Keep all software, including antivirus software, updated. This can help prevent malware from being installed if you end up at a malicious site.
- Avoid phishing and other scams. If you click a link, check that the website address is correct (e.g. “example.com” and not “exampel.com”). Check the browser address bar for “https://” (not “http://”). The Brave browser automatically upgrades connections to the more secure HTTPS.
- Use a passcode on your phone to prevent others from getting access.
Even if a keylogger is legally installed, the data it collects is vulnerable to data breaches. Reducing the amount of collected data can reduce security risks:
- Use a password manager to autofill your username and password, so no keystrokes are made or logged.
- Use provisions in laws such as CCPA to request that data stored about you is removed.