Tuesday, May 21, 2013

How to defeat most keyloggers on public computers

Keyloggers can generally be classified as either software or hardware keyloggers. Software keyloggers are running as a background task on the system while hardware keyloggers are little devices that are most of the time connected between pc and keyboard recording every keystroke in their own memory.

The simple keylogger records every keystroke while more advanced ones make screenshots and record mouse movements as well. The idea for this article was born while reading the excellent Technospot article about keyloggers. The most secure way to defeat keyloggers is of course not to use public computers at all.

You sometimes do not have a choice though which leads to the next most secure way to defeat them: Live CDs. If you are allowed to boot from DVD or CD you should pop in your Linux live CD and use it to go online. This defeats all software keyloggers but not the hardware ones obviously.

Next in line is a method detailed by Technospot which suggests that you should do the following when entering usernames and passwords:

Let us assume you want to type in ghacks and fear that a keylogger would record the string. What you could do is add random chars to the string and replace them with the ghacks chars. You begin by typing "re4", mark the three chars with your mouse and type the "g". Then after the g you would write "bt" and replace bt with "h".

This is a great method to defeat software keyloggers that do not take screenshots when moving or clicking the mouse.

A quick check of the system tray and if possible the task manager could also reveal several keyloggers as long as they are not running in stealth mode.

It it important to do a quick check of the PC hardware to see if a hardware keylogger is connected to it. It is not always that easy to detect hardware keyloggers but some common ones can be spotted quite easily.

The picture above shows a hardware keylogger that was connected between PC and keyboard recording any keystrokes right into his internal memory. It becomes more difficulty if the keyboard itself contains the hardware keylogger and impossible to tell if the hardware keylogger was placed inside the system. (assuming that you can't open the PC's)

The most secure alternative would be to use your own notebook to connect to the Internet which defeats all keyloggers but not programs that record network traffic.Follow InfotechArena on Twitter @InfotechArena and Facebook

No comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...