Saturday, February 11, 2012

Beware of Hardware Key-logger in Public computer like Cybercafe

Most of time we have heard about software key logger. This software key-logger activates once Operating system starts but here is Hardware key-logger it will log every key stroke from the moment computer is turned on.Typically the memory capacity of a hardware keylogger may range from a few kilobytes to several gigabytes, with each keystroke recorded typically consuming a byte of memory. So beware of such device in public system before using sensitive data and secure web-pages like Internet banking. Here is types of Hardware key-logger.The first one is very simple it can be used with keyboard port very easily.

  1. A Regular Hardware Keylogger is used for keystroke logging by means of a hardware circuit that is attached somewhere in between the computer keyboard and the computer. It logs all keyboard activity to its internal memory which can be accessed by typing in a series of pre-defined characters. A hardware keylogger has an advantage over a software solution; because it is not dependent on the computer's operating system it will not interfere with any program running on the target machine and hence cannot be detected by any software. They are typically designed to have an innocuous appearance that blends in with the rest of the cabling or hardware, such as appearing to be an EMC Balun. They can also be installed inside a keyboard itself (as a circuit attachment or modification), or the keyboard could be manufactured with this "feature". They are designed to work with legacy PS/2 keyboards, or more recently, with USB keyboards. Some variants, known as wireless hardware keyloggers, have the ability to be controlled and monitored remotely by means of a wirelesscommmunication standard. 
  2. Wireless Keylogger sniffers - Collect packets of data being transferred from a wireless keyboard and its receiver and then attempt to crack the encryption key being used to secure wireless communications between the two devices.
  3. Firmware - A computer's BIOS, which is typically responsible for handling keyboard events, can be reprogrammed so that it records keystrokes as it processes them.
  4. Keyboard overlays - a bogus keypad is placed over the real one so that any keys pressed are registered by both the eavesdropping device as well as the legitimate one that the customer is using.[