top of page
This site was designed with the
.com
website builder. Create your website today.Start Now

The Concept

Anchor 1
Keystroke
logging

Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that person using the keyboard is unaware that their actions are being monitored.

 

Keystroke logging - Wikipedia

Key-logger
goals

An ideal key-logger should:

  • Have an innocent appearance

  • Be easy to install and easy to remove

  • Be easily addapted to different hardware/software

Keypad
keylogging

A numeric keypad is a set of buttons arranged in a block which mostly bear digits. Numeric keypads are found on devices such as ATMs, safes, combination locks, and digital door locks. When using these devices the user is required to enter an access code to access locked products, money or information. Since the access code is the key to an immediate profit, the keypad is a natural candidate for a key-logging attack. But planting a key-logger on such a device is hardly easy for the following reasons:

  • In many cases, the hardware and software are embedded. In order to design a dedicated hardware key-logger or a dedicated software key-logger, the attacker needs to be familiar with the device’s circuitry and code.

  • Device designers are aware that the circuits and the keypad are the key to locked goods and make an effort to stop unauthorized personnel from accessing the device’s control unit.

Camera-based key-loggers exploit the interaction between the victim’s fingers and the device keypad. This approach is harder to detect since the compromised device is not tampered with. The greater the distance between a disguised key-logger and a compromised device, the harder it is to link the two and expose the attack. The attacker does not need to be familiar with the device’s circuitry or software, making it easier to focus on the development of the key-logger. Since a camera-based key-logger relies on image processing, it entails requirements for sensors, algorithms, processing power and battery usage. It is also limited by the limitations of photography such as the need for a clear line of sight and sufficient lighting – a keypad would be hard to photograph if the victim stands close to the keypad and blocks either the view of it or the light.

Body
keylogging

When a user presses the keys on a keypad, interaction is taking place between the user and the device. On one side of the interaction, there’s the device – the hardware, the software, and the mechanics. On the other side of the interaction is the user – mind, senses, limbs, and fingers. In the middle there’s the interaction – the keys of the keypad are pressed one at a time and in some cases there’s physical feedback to the user, indicating a successful key press (either visible or audible).

 

Most key-loggers target the device side of the interaction. A camera-based key-logger targets the interaction between the user and the device from a viewpoint. A body keylogger targets the interaction between the user and the device from the user’s side of the interaction.

 

When we are pressing the keys of a keypad, our body reflects the interaction with the hardware:

  • Hand’s posture reflects the key position

  • Movements reflect keystrokes

  • Actions interact with feedbacks (Audible / Visible)

All of this can be tracked and analyzed, making code recovery possible.

 

In general, a body key-logger may extract keystrokes from:

  • Fingers movements

  • Limbs movements

  • Eyes movements

  • Ideomotor phenomenon

  • Audible / Visual feedback

bottom of page