Much of the security focus on keystroke loggers is on software / malware that violate privacy and security. At public computer terminals, there is the further danger of physical keystroke loggers. This is hardware that is placed between the keyboard and the computer. Essentially, it records all the input activity. There are even some keyboards which have a built in keystroke logger.

The detection of these devices is difficult. First of all, most people do not look for a physical recording device. The awareness is directed more at whether the machine is free of malware. The other factor is that these physical keystroke loggers are difficult to detect and out of sight. And, if the logger is built into the keyboard, then the average computer user would miss it. They are that well disguised.

This type of security breach is insidious. The harm may not become readily apparent. If, for example, a keystroke logger is on a hotel terminal, the data may not be retrieved for months after your stay. Your data are stored on the logger and may be used long after you have forgotten that there was a stay at that establishment. And it should be remembered that these physical loggers may defeat encryption. The encryption takes place after the physical keystroke logger has recorded the input. It’s just devious stuff, so be careful…

Catherine Forsythe
Director of Operations
FlyingHamster:  http://flyinghamster.com/

[tags]keystroke logger, hardware, malware, privacy, security, encryption, storage[/tags]