What is Keystroke Logging and Keyloggers?
Keyloggers are built for the act of keystroke logging — creating records of everything you type on a computer or mobile keyboard. These are used to quietly monitor your computer activity while you use your devices as normal. Keyloggers are used for legitimate purposes like feedback for software development but can be misused by criminals to steal your data.
Keystroke Logging Definition
The concept of a keylogger breaks down into two definitions:
- Keystroke logging: Record-keeping for every key pressed on your keyboard.
- Keylogger tools: Devices or programs used to log your keystrokes.
You’ll find use of keyloggers in everything from Microsoft products to your own employer’s computers and servers. In some cases, your spouse may have put a keylogger on your phone or laptop to confirm their suspicions of infidelity. Worse cases have shown criminals to implant legitimate websites, apps, and even USB drives with keylogger malware.
Whether for malicious intent or for legitimate uses, you should be aware how keyloggers are affecting you. First, we’ll further define keystroke logging before diving into how keyloggers work. Then you’ll be able to better understand how to secure yourself from unwanted eyes.
How Keystroke Logging Works
Keystroke logging is an act of tracking and recording every keystroke entry made on a computer, often without the permission or knowledge of the user. A “keystroke” is just any interaction you make with a button on your keyboard.
Keystrokes are how you “speak” to your computers. Each keystroke transmits a signal that tells your computer programs what you want them to do.
These commands may include:
- Length of the keypress
- Time of keypress
- Velocity of keypress
- Name of the key used
When logged, all this information is like listening to a private conversation. You believe you’re only “talking” with your device, but another person listened and wrote down everything you said. With our increasingly digital lives, we share a lot of highly sensitive information on our devices.
User behaviors and private data can easily be assembled from logged keystrokes. Everything from online banking access to social security numbers is entered into computers. Social media, email, websites visited, and even text messages sent can all be highly revealing.
Now that we’ve established a keystroke logging definition, we can explain how this is tracked through keyloggers.
What does a Keylogger Do?
Keylogger tools can either be hardware or software meant to automate the process of keystroke logging. These tools record the data sent by every keystroke into a text file to be retrieved at a later time. Some tools can record everything on your copy-cut-paste clipboard, calls, GPS data, and even microphone or camera footage.
Keyloggers are a surveillance tool with legitimate uses for personal or professional IT monitoring. Some of these uses enter an ethically questionable grey area. However, other keylogger uses are explicitly criminal.
Regardless of the use, keyloggers are often used without the user’s fully aware consent and keyloggers are used under the assumption that users should behave as normal.
Types of Keyloggers
Keylogger tools are mostly constructed for the same purpose. But they’ve got important distinctions in terms of the methods they use and their form factor.
Here are the two forms of keyloggers
- Software keyloggers
- Hardware keyloggers
Software keyloggers are computer programs that install onto your device’s hard drive. Common keylogger software types may include:
API-based keyloggers directly eavesdrop between the signals sent from each keypress to the program you’re typing into. Application programming interfaces (APIs) allow software developers and hardware manufacturers to speak the same “language” and integrate with each other. API keyloggers quietly intercept keyboard APIs, logging each keystroke in a system file.
“Form grabbing”-based keyloggers eavesdrop all text entered into website forms once you send it to the server. Data is recorded locally before it is transmitted online to the web server.
Kernel-based keyloggers work their way into the system’s core for admin-level permissions. These loggers can bypass and get unrestricted access to everything entered in your system.
Hardware keyloggers are physical components built-in or connected to your device. Some hardware methods may be able to track keystrokes without even being connected to your device. For brevity, we’ll include the keyloggers you are most likely to fend against:
Keyboard hardware keyloggers can be placed in line with your keyboard’s connection cable or built into the keyboard itself. This is the most direct form of interception of your typing signals.
Hidden camera keyloggers may be placed in public spaces like libraries to visually track keystrokes.
USB disk-loaded keyloggers can be a physical Trojan horse that delivers the keystroke logger malware once connected to your device.
Uses for Keyloggers
To explain the uses of keyloggers, you’ll have to consider: what is keylogger activity legally limited to?
Four factors outline if keylogger use is legally acceptable, morally questionable, or criminal:
- Degree of consent — is the keylogger used with 1) clear-and-direct consent, 2) permission hidden in obscure language in terms of service, or 3) no permission at all?
- Goals of the keystroke logging — is the keylogger being used to steal a user’s data for criminal uses, such as identity theft or stalking?
- Ownership of the product being monitored — is the keylogger being used by the device owner or product manufacturer to monitor its use?
- Location-based laws on keylogger use — is the keylogger being used with intent and consent in accordance with all governing laws?
Legal Consensual Keylogger Uses
Legal keylogger use requires the person or organization implementing it to:
- Involve no criminal use of data.
- Be the product owner, manufacturer, or legal guardian of a child owning the product.
- Use it in accordance with their location’s governing laws.
Consent is notably absent from this list. Keylogger users don’t have to obtain consent unless laws the area of use require them to. Obviously, this is ethically questionable for uses where people are not made aware that they are being watched.
In consensual cases, you may allow keystroke logging under clear language within terms of service or a contract. This includes any time you click “accept” to use public Wi-Fi or when you sign an employer’s contract.
Here are some common legitimate uses for keyloggers:
- IT troubleshooting — to collect details on user problems and resolve accurately.
- Computer product development — to gather user feedback and improve products.
- Business server monitoring — to watch for unauthorized user activity on web servers.
- Employee surveillance — to supervise safe use of company property on-the-clock.
You might find legal keyloggers are in your daily life more than you realized. Fortunately, the power to control your data is often in your hands if the monitoring party has asked for access. Outside of employment, you can simply decline permission to the keyloggers if you so choose.
Legal Ethically Ambiguous Keylogger Uses
Non-consensual legal keyloggeruse is more questionable. While it violates trust and privacy of those being watched, this type of use likely operates in the bounds of the laws in your area.
In other words, a keylogger user can monitor computer products they own or made. They can even monitor their children’s devices legally. But they cannot surveil devices outside of their ownership. This leaves a bit of a grey area that can cause problems for all involved.
Without consent, people and organizations can use keyloggers for:
- Parental supervision of kids — to protect their child in their online and social activities.
- Tracking of a spouse — to collect activity on a device the user owns for proof of cheating.
- Employee productivity monitoring — to watchdog employees use of company time.
Even consent that has been buried under legal jargon within a contract or terms of service can be questionable. However, this does not explicitly cross the line of legality either.
Criminal Keylogger Uses
Illegal keylogger use completely disregards consent, laws, and product ownership in favor of nefarious uses. Cybersecurity experts usually refer to this use case when discussing keyloggers.
When used for criminal purposes, keyloggers serve as malicious spyware meant to your capture sensitive information. Keyloggers record data like passwords or financial information, which is then sent to third-parties for criminal exploitation.
Criminal intent can apply in cases where keyloggers are used to:
- Stalk a non-consenting person — such as an ex-partner, friend, or other individual.
- Steal a spouse’s online account info — to spy on social media activity or emails.
- Intercept and steal personal info — such as credit card numbers and more.
Once the line has been crossed into criminal territory, keyloggers are regarded as malware. Security products account for the entire user case spectrum, so they may not label discovered keyloggers as immediate threats. Similarly to adware, the intent can be completely ambiguous.
Why Keystroke Logging is a Threat
Threats of keyloggers can come from many issues around the collection of sensitive data.
When you are unaware that everything you type onto your computer keyboard is being recorded, you may inadvertently expose your:
- Credit card numbers.
- Financial account numbers.
Sensitive information like this is highly valuable to third-parties, including advertisers and criminals. Once collected and stored, this data then becomes an easy target for theft.
Data breaches can expose saved keystroke logs, even in legitimate use cases. This data can easily be leaked inadvertently via an unsecured or unsupervised device or through a phishing attack. More common leaks can occur by a direct criminal attack with malware or other means. Organizations collecting mass keylogging data can be prime targets for a breach.
Criminal use of keyloggers can collect and exploit your information just as easily. Once they’ve infected you with malware via drive by download or other means, time is of the essence. They can access your accounts before you even know that your sensitive data has been compromised.
How to Detect Keylogger Infections
At this point, you’re probably wondering, “how do you know if you have a keylogger?” Especially since fighting keyloggers is a challenge in itself. If you end up with unwanted keystroke logging software or hardware, you might not have an easy time discovering it on your device.
Keyloggers can be hard to detectwithout software assistance. Malware and various potentially unwanted applications (PUAs) can consume a lot of your system’s resources. Power use, data traffic, and processor usage can skyrocket, leading you to suspect an infection. Keyloggers don’t always cause noticeable computer problems, like slow processes or glitches.
Software keyloggers can be hard to detect and remove even by some antivirus programs. Spyware is good at hiding itself. It often appears as normal files or traffic and can also potentially reinstall itself. Keylogger malware may reside in the computer operating system, at the keyboard API level, in memory or deep at the kernel level itself.
Hardware keyloggers will likely be impossible to detect without physical inspection. It is very likely that your security software won’t even be able to discover a hardware keylogging tool. However, if your device manufacturer has a built-in hardware keylogger, you may need an entirely new device just to get rid of it.
Fortunately, there are ways that make it possible to protect your computer from keyloggers.
- Detecting software keyloggers: Whether you choose a free or more comprehensive total-security package, you’ll want to run a full scan of your system and devices.
- Detecting hardware keyloggers: You might be lucky and just have a USB drive or external hard drive that has malicious material on it. In that case, you’d simply remove the device by hand. An internal hardware keylogger would require a device teardown to discover. You might want to research your devices before buying to ask if the manufacturer has included anything suspicious.
How to Prevent Keystroke Logging
Knowing how to detect a keylogger is only the first step towards safety. Proactive protection is critical to keeping your devices keylogger-free:
- Always read your terms of service or any contracts before accepting. You should know what you’re agreeing to before you sign up. Researching user feedback on software you plan to install might provide some helpful guidance as well.
- Install internet security software on all your devices. Malicious keyloggers generally make their way to devices in software form. If you have a security software suite like Kaspersky Anti-Virus, you’ll have an active shield to guard against infections.
- Make sure your security programs are updated on the latest threats. Your security needs to have every known keylogger definition to detect them properly. Many modern products automatically update to protect against keylogger malware and other threats.
- Don’t leave your mobile and computer devices unsupervised. If a criminal can steal your device or even get their hands on it for a moment, that may be all they need. Hold on to your devices to help prevent keyloggers from being implanted.
- Keep all other device software updated. Your operating system, software products and Web browsers should all be up to date with the latest security patches. When an update is offered, be sure to download and install it as soon as possible.
- Do not use unfamiliar USB drives or external hard drives. Many criminals leave these devices in public places to entice you to take them and use them. Once plugged into your computer or mobile device, they can infiltrate and begin logging.
No matter how you approach anti-keylogger protection, the best defense is to install a good anti-spyware product that protects against keylogging malware. Using a complete Internet security solution with strong features to defeat keylogging is a reliable route towards safety.
Kaspersky Internet Security received two AV-TEST awards for the best performance & protection for an internet security product in 2021. In all tests Kaspersky Internet Security showed outstanding performance and protection against cyberthreats.
- What is a Botnet?
- Infographic: Vulnerable Software
- What is a security breach?
- How to detect spyware to safeguard your privacy?