Linux Security

Beware of Hardware Keyloggers

| | |

It is not common, but computers can have hardware keyloggers attached to them. If a computer has a hardware keylogger on it, it will be able to record your keystrokes even if you are using a Linux live CD.

There is a solution though. While using an on-screen keyboard will not protect you against software keyloggers, an on-screen keyboard should protect you against hardware keyloggers. So the combination of a Linux live CD and the use of an on-screen keyboard to enter your passwords should protect against both hardware keyloggers and software keyloggers.

The Risk of Hardware Keyloggers in Public Internet Cafes

I suspect that hardware keyloggers are not common in public Internet cafes. It is much easier for Internet criminals to use malicious software to do their work for them remotely. Physical devices attached to the computer increase their chances of getting caught.

While most public computers have spyware, viruses, and trojans, very few have hardware keyloggers. In any case, here are some tips:

What Do Hardware Keyloggers Look Like?

I've linked to some images of hardware keyloggers below. The most common hardware-based keyloggers are a physical device that fits between the end of the plug of the keyboard and the box of the computer:

Hardware Keylogger Lookalikes

Be aware that not every device that fits between a keyboard and a computer is a keylogger. There are similar-looking devices that are made to convert one type of plug to another (for example USB to PS/2). These adapter plugs are harmless.

How to Protect Yourself Against Hardware Keyloggers

It's always good to take a moment to look at the connection between the keyboard and the computer before you use a public computer. That is not the only kind of hardware keylogger though. There are also hardware keyloggers that can be put inside keyboards, or in other hard-to-detect places. By using a Linux live CD in combination with an on-screen keyboard, you should be able to bypass hardware keyloggers.

Wireless Drive-by Attacks

|

A new type of security exploit has been mentioned on ComputerWorld.com.

"Security researchers have found a way to seize control of a laptop computer by manipulating buggy code in the system's wireless device driver...

"This would be the digital equivalent of a drive-by shooting," said Maynor. An attacker could exploit this flaw by simply sitting in a public space and waiting for the right type of machine to come into range.

The victim would not even need to connect to a network for the attack to work."

Syndicate content