Keyloggers Explained

Is there a reason for worry?


You may have heard of keyloggers, the little pieces of malware that log every keystroke you make on your computer.

While they are (unfortunately) common these days, they started back in 1976 when an American diplomat stationed at the U.S. embassy in Moscow typed up his reports on his IBM Selectric typewriter. Little did he know that every word he was typing was being recorded.

At that time, his typewriter was bugged by the Soviets using what is considered to be the world’s first-ever keylogger. It came in the form of a miniaturized set of circuits crammed into a metal bar that ran along with the typewriter. It was hidden from view and could record every key press and send the data in real-time. It would take eight years for the Americans to discover this.

That’s like ancient history, as these days keyloggers tend to come as pieces of software (rather than hardware). In some cases, they were found on websites, with tiny pieces of JavaScript recording everything you type on a page, even before you hit the “Submit” button.

There is also spyware, which could be used by companies monitoring employees as well as stalkers spying on exes. In this article, we’ll take a look at keyloggers and what you can do to protect yourself from them. Read on for details…

Keyloggers 101

Short for keystroke loggers, keyloggers are software and/or hardware solutions that record every keystroke you make on your computer or mobile device.

They can record keystroke inputs made on text files or on a web page, and even track everything from your copy-and-paste keyboard and GPS data to your camera and microphone recordings. It is the latter case that is really spooky as it can tell a lot of personal information about you.

Software keyloggers run in the background, sniffing out keystrokes and recording everything you write.

On the other hand, hardware keyloggers are sometimes built into your device either by the manufacturer or a third-party company. Alternatively, they could be other devices (that you don’t own) like a camera that records your keystrokes.

How do keyloggers work?

Normally, whatever you type on your computer is private; keyloggers listen in, track, and record every keystroke you make. Aside from making note of which key is pressed, they can also track the velocity of that press, how long you press it, and at what time you pressed the key.

This data is then stored on a tiny file by the keylogger that is then transmitted to the keylogger’s owner. In the case of a hardware keylogger, it may also require the owner to physically retrieve the files.

Are there legitimate ways for using keyloggers?

Aside from illegal ways of using keyloggers, they also have legitimate, legal uses — and they can even be used without the user’s consent. Generally speaking, there are a few legitimate use cases for keyloggers, such as:

1. Employee monitoring
Some companies and organizations might use keyloggers to track what employees are doing on their company-issued devices. In this case, keyloggers may be used with or without the employee’s consent. The latter case tends to be employed by select government agencies, R&D departments of big companies and so on.

2. IT troubleshooting
An IT department might use keyloggers to diagnose and resolve IT issues. This way, they get to know exactly the steps the user has taken when he/she encountered an error.

3. Parental controls
Parents can install keyloggers onto their child’s devices to see what they’re up to online. Some apps even allow parents to receive alerts if their kids try accessing adult sites or other inappropriate content.

4. Marketing
A number of websites have been found collecting users’ email addresses without consent. This data is then used to bombard them with ads. The good thing is that governments around the world are working to clamp down on these practices with privacy regulations. On the other hand, there are perfectly legit ways for using keyloggers to improve a website or the entire user experience.

How to detect a keylogger on your device?

Keyloggers often have a small footprint, making their detection troublesome but not impossible. There are a few telltale signs that you have a keylogger installed on your phone or computer:

  • Performance: Your device is slower than usual as recording and sending information of your keystrokes causes your device’s performance to slow down.
  • Changed settings: Caught a new default app like a web browser? Or a new toolbar in your existing browser? That’s a red flag worth investigating (and promptly uninstalling).
  • Stability issues: Your device suddenly crashes and freezes? Another sign that something fishy is going on under the hood. Perhaps you’ll have to re-install your system from the ground up.

However, it is important to add that best keyloggers work without you noticing a thing. If you do suspect something, make sure to go through the list of installed apps and remove everything that looks suspicious. Heck, you may even want to reinstall your operating system.

Finally, when it comes to hardware keyloggers, you can search your surroundings to see whether there is some strange new device around. If you do notice something like that, make sure to investigate it.

How to protect yourself against keyloggers?

There are some things you could do to keep yourself protected from keyloggers:

  • In many cases, keyloggers are downloaded as malware. So to protect yourself, you should avoid clicking on suspicious links, or opening attachments from people you don’t know. Heck, you should think twice even when opening attachments from people you do know. And the same cautious approach goes for downloading files from fishy websites.
  • Use two-factor authentication (2FA) so that even if someone manages to get your password with a keylogger, they won’t be able to login to key services. Make sure that all these “key services” such as your Google, Facebook and banking accounts have 2FA turned on.
  • Never leave your device unattended in a public place – it could protect you from hardware keyloggers while at the same time making sure your device doesn’t get stolen.
  • Be careful with unknown USB sticks – don’t install anything from them before scanning them for viruses and other malware.
  • Install antivirus software and keep it up to date. This will probably be your best defense against all kinds of malware.
  • Use a VPN – to prevent so-called “man in the middle” attacks that could lead to your personal information falling into the wrong hands.

These tips combined will give you a good foundation to stay protected on the Internet. Good luck!