As with all hardware keyloggers, it requires the attacker to have physical access to the computer in question, both to install and later retrieve the device. With social engineering growing in sophistication, this doesn’t pose a problem to the determined individual, particularly as it takes a matter of seconds to install, and requires no technical skill. These kinds of keyloggers may only be approximately 1.5 inches long, but they have a memory capacity that allows up to two million key strokes to be recorded – which represents about five years’ worth of typing for the average computer user. Happily, this type of hardware keylogger is also the easiest to detect visually – provided you know what to look for.

More insidious forms of keyloggers are built into the keyboard. Thieves will either replace the keyboard completely or dismantle it, insert a keylogging device, and re-assemble it. Naturally this requires a greater degree of skill on the part of the criminal, and takes more time to complete. But the chances of visual or manual detection are almost zero.

Self-defense

The good news is that organizations can defend themselves against determined keyloggers. The first step, as with all effective security measures, is to educate and train users to raise awareness and create a culture of individual responsibility. The number of PCs in large companies makes it impractical for the IT security manager to check the back of every single box and every single keyboard manually. Users who carry out basic monitoring of their own equipment greatly increase the chances of detecting any rogue devices.


Secondly, organizations should look at alternatives to desktop PCs. Although still susceptible to hardware keyloggers, the inbuilt keyboards of laptop computers are far harder to tamper with. However, greater use of mobile devices brings new security challenges, which must be balanced against the reduced threat from keyloggers.

Then there are the secure tokens, smart cards or other devices that are used to provide a second layer of authentication after user names and passwords. These work by having a constantly changing passcode, meaning that any data gathered by a keylogger is immediately invalid, and cannot be used to sneak into the system.

Organizations should also consider increasing the use of drop down menus for gathering information. Instead of typing in information with trackable keystrokes, drop downs enable users to select characters or words with the mouse, which a keylogger cannot record. However, in addition to these more general security tools, there are a number of applications, recently on the market, that can automatically identify hardware keyloggers. These software solutions disable the devices by intercepting and blocking communications between it and the targeted computer. The software also alerts the IT department to the presence of keyloggers.