What Is Keylogging?
Imagine your keyboard gossiping behind your back, spilling your deepest, darkest, and most embarrassing secrets to the world. Would you throw your brand-new MacBook into the nearest toilet?
Even a privacy cynic—the type of person who says after every data breach, “It’s only a matter of time before the president knows my BMI…and you know what? I don’t care!”—has to admit that the thought of their keyboard silently transmitting every stroke is unsettling.
The History of Keylogging
Keylogging, one of the oldest forms of cyber warfare, dates back to the Cold War. Russian spies implanted devices in the CIA’s typewriters that recorded every movement of their mechanical arms, transmitting—in real time!—the exact characters the agents were imprinting on documents.
Today, jealous spouses, overbearing bosses, and despotic regimes do the same by secretly installing keyloggers onto a device, using only slightly more advanced methods.
Types of Keyloggers
Like bed bugs, keyloggers are hearty and can live practically anywhere. Here are the main types of keyloggers you might encounter:
- Software Keyloggers: These sneaky programs can feast on the scripts of a webpage itself, burrow their way into your computer’s memory, or even pose as a legitimate program for your keyboard.
- Hardware Keyloggers: Also known as dongles, these physical keyloggers can intercept data shared between your keyboard and the USB port in your computer. They can even beam via WiFi the fact that you’ve just WikiHow-ed “how to manage a difficult boss” directly to your difficult boss.
- Wireless Keyloggers: If you’ve run afoul with the CIA or NSA, a super-sophisticated keylogger could be deployed to sniff out an unencrypted connection between your wireless keyboard and PC, snatching up your keystrokes in the process.
Expert Insights on Keylogging
Patrick Wardle, Principal Security Researcher at Jamf, calls keylogging “one of the most powerful capabilities a piece of malware can have,” but cautions those nervous they might have one installed on their device not to assume the worst case scenario.
“For the average user, I would say that the risk is not incredibly high.” Okay, thank you, but I’m still freaked out.
key log·ging
noun /kē ˈlôg-iŋ
the action of logging keystrokes, typically covertly, so that the user is not aware their actions are being monitored
How to Protect Yourself from Keyloggers
Thankfully, even if you’re not important enough to keyboard jack, there are ways you can protect yourself:
- Update Your Operating System: Always double-check that you’re running the latest version of your operating system. Cybercriminals find it more challenging to crack newer code.
- Use Anti-Spyware Software: It doesn’t hurt to install anti-spyware software. These programs can help detect and remove keyloggers before they can do any damage.
- Employ a Password Manager: Using a password manager can keep your login credentials safe. Password managers can generate and store complex passwords, reducing the risk of keyloggers capturing them.
- Check for Physical Keyloggers: Keep an eye out for suspicious dongles, which would look like a plugged-in USB stick, if you’re using a shared computer. If you find one plugged into your device at work, ask to read your company’s privacy policy. And if your bosses are tracking your every key press, it might be time to find new employment.
Debunking Keylogging Myths
There’s also some Tin Hattery you shouldn’t pay attention to online, like the folks who claim they can spot keyloggers by measuring how quickly their keyboard registers keystrokes.
“I get a lot of emails from people who are convinced they’ve been hacked, and the only evidence they provide is that their mouse moves when they didn’t move it,” explains Wardle.
But don’t automatically jump to the conclusion that the NSA is reading your email-to-self list of “to make” lasagna recipes.
- Myth: You can detect keyloggers by the speed of your keystrokes.
- Fact: Chances are, if a keylogger exists, it's sophisticated enough to evade your noticing. “I would say 95% of keyloggers are going to have no discernible impact on your operating system,” Wardle says.
Unless a teen built the keylogger last night in their basement, you won’t detect it by watching how quickly your keyboard registers keystrokes or noting minor computer quirks.
Like bed bugs, keyloggers are hearty and can live practically anywhere. They can feast on the scripts of a webpage itself, burrow their way into your computer’s memory, or even pose as a program for your keyboard.
The Thriving Keylogging Industry
The keylogging industry is thriving. It’s not only stalkers and cybercriminals but corporations, too.
- In 2015, Microsoft began shipping Windows 10 with a keylogger (which users could disable, though who thinks to do that?). Keyloggers have also been discovered in school libraries, banks, and HP laptops.
- In 2017, a German developer discovered his former employer had collected his typed information without his consent, leading a court to deem keylogging against the law. In the U.S., no federal law prevents an employer from invasively spying on its employees. Be extra wary when adding that private friends-only Slack room to your work computer.
Unfortunately, the keylogging industry is robust precisely because there’s still a (messed up!) market for such “stalker ware.” While researching this article, I stupidly YouTubed “keylogger videos,” and the results made me concerned about the state of humankind.
A video advertising how to bug a keyboard and another showing how to spy on someone’s cell phone showed how to do both. Both videos claimed they were for “educational and entertainment purposes only,” though the hosts weren’t entertaining, and I doubt anyone would watch just for the sake of education. Yikes.
Keeping Your Keystrokes Safe: Final Thoughts on Keylogging
Keylogging is a significant cybersecurity threat, but understanding how it works and taking proactive steps can protect you.
Whether you ensure your operating system is up to date, install anti-spyware software, or check for suspicious dongles before using a new device, taking these measures can help safeguard your personal information.
So, while the idea of your keyboard turning against you is unsettling, remember that with the right precautions, you can keep your secrets safe and secure.
Stay on top of cybersecurity news by learning what 13 of the most common cybersecurity terms mean.
Sign up to receive news and updates about Dashlane