Beware of Hardware Keyloggers
Fraud Prevention Tips | Keyloggers | Windows Security | Linux Security
It is not common, but computers can have hardware keyloggers attached to them. If a computer has a hardware keylogger on it, it will be able to record your keystrokes even if you are using a Linux live CD.
There is a solution though. While using an on-screen keyboard will not protect you against software keyloggers, an on-screen keyboard should protect you against hardware keyloggers. So the combination of a Linux live CD and the use of an on-screen keyboard to enter your passwords should protect against both hardware keyloggers and software keyloggers.
The Risk of Hardware Keyloggers in Public Internet Cafes
I suspect that hardware keyloggers are not common in public Internet cafes. It is much easier for Internet criminals to use malicious software to do their work for them remotely. Physical devices attached to the computer increase their chances of getting caught.
While most public computers have spyware, viruses, and trojans, very few have hardware keyloggers. In any case, here are some tips:
What Do Hardware Keyloggers Look Like?
I've linked to some images of hardware keyloggers below. The most common hardware-based keyloggers are a physical device that fits between the end of the plug of the keyboard and the box of the computer:
- A hardware keylogger that fits between keyboard and computer
- A hardware keylogger for USB keyboards
- A before and after shot of a computer with hardware keylogger installed. Notice the extra length of cable in the "after" image.
- Another hardware keylogger
Hardware Keylogger Lookalikes
Be aware that not every device that fits between a keyboard and a computer is a keylogger. There are similar-looking devices that are made to convert one type of plug to another (for example USB to PS/2). These adapter plugs are harmless.
How to Protect Yourself Against Hardware Keyloggers
It's always good to take a moment to look at the connection between the keyboard and the computer before you use a public computer. That is not the only kind of hardware keylogger though. There are also hardware keyloggers that can be put inside keyboards, or in other hard-to-detect places. By using a Linux live CD in combination with an on-screen keyboard, you should be able to bypass hardware keyloggers.
effective protection against spyware and keyloggers
Hi there,
Indeed, the advice in this article is very good and should provide a good level of protection, given the current state of matters in internet cafes.
However, sometimes it is not possible or desirable to use a live CD in an internet cafe/public library/airport kiosk/etc. For those cases, I have developed and made available a free non-commercial service, called KYPS (Keep Your Passwords Secret), that lets you log into popular web-based email sites using a one-time code instead of your normal password. All that is needed is a browser which is required anyway if one wants to check web-based email.
I am looking for feedback about this service, in order to make it better.
If you like, you can have a look at http://kyps.net
(dont forget to read the FAQ at http://site411.mysite4now.net/xrtc/KYPS/faq.htm)
Best Regards,
Andreas