USB Keyloggers

anthony18 · 2016-03-21T21:41:22.000Z

Just saw the news that some computers at a University campus had USB keyloggers on them. At first I though someone had installed a software but in this case, it was a physical USB device connected inline with the USB Keyboard. Interesting. Never thought about that. Think of all the POS systems and bank terminal that have exposed USB connections… Scary. Might be good to start a physical audit of your PCs that are publicly accessible. Simply locking down the OS is not enough to protect the pcs from being compromised.

michaelsc · 2016-03-21T21:49:16.000Z

Even more concerning when you consider vulnerabilities with wireless keyboards. Security, the elusive dream!

Robert5205 · 2016-03-21T21:50:24.000Z

I remember seeing these at least a decade ago. They connect between your keyboard and PC and record every keystroke. Simple enough to put on and remove when no one is around.

The first element of security is always physical.

anthony18 · 2016-03-21T21:51:53.000Z

Michael.SC:

Even more concerning when you consider vulnerabilities with wireless keyboards. Security, the elusive dream!

I believe there is encryption on wireless KBs. Many years ago, I read that you can actually capture text that appears on a CRT screen using some wireless device. Will try to find the article.

Rivitir · 2016-03-21T21:59:08.000Z

Several years back a bank was compromised because the janitors installed PS/2 and USB key loggers on the helpdesk staff workstations. After that the bank started filling in and gluing all connections shut.

Physical keyloggers have been around a long time.

anthony18 · 2016-03-21T22:10:21.000Z

Rivitir:

Several years back a bank was compromised because the janitors installed PS/2 and USB key loggers on the helpdesk staff workstations. After that the bank started filling in and gluing all connections shut.

Physical keyloggers have been around a long time.

Yeah guess I’m not always up to date with the latest vulnerabilities or hacking methods.

Rivitir · 2016-03-21T22:20:52.000Z

Anthony384:

Rivitir:

Several years back a bank was compromised because the janitors installed PS/2 and USB key loggers on the helpdesk staff workstations. After that the bank started filling in and gluing all connections shut.

Physical keyloggers have been around a long time.

Yeah guess I’m not always up to date with the latest vulnerabilities or hacking methods.

Read “The Cuckoo’s Egg” by cliff Stoll. In there he uses dot matrix printers as a make shift keylogger back in the 80’s. Realy good read.

http://www.amazon.com/gp/product/B0083DJXCM/

jonahzona · 2016-03-21T22:25:13.000Z

A couple high school kids in our town got busted using one of those to get into the school SIS and change their grades.

Oh the youth of today…

brendanrichardson2 · 2016-03-21T22:43:19.000Z

physical devices have been around for a very long time. no surprise here

only surprise is the level of nefariuos individuals on the planet

Robert5205 · 2016-03-22T01:44:57.000Z

Anthony384:

Michael.SC:

Even more concerning when you consider vulnerabilities with wireless keyboards. Security, the elusive dream!

I believe there is encryption on wireless KBs. Many years ago, I read that you can actually capture text that appears on a CRT screen using some wireless device. Will try to find the article.

You can duplicate the display on a normal CRT from quite a distance. You simply need an antenna with sufficient gain and an idea of what frequencies are used to scan the beam. This was the impetus for the TEMPEST program that shields computer equipment from remote eavesdropping. Here’s the NSA’s explanation:

https://www.iad.gov/iad/programs/iad-initiatives/tempest.cfm

rojoloco · 2016-03-22T15:12:26.000Z

Brendan Pitstop NZ:

only surprise is the level of nefariuos individuals on the planet

I’m no longer surprised by the actions of humans, we are the worst.

mikemartin5 · 2016-03-22T16:08:39.000Z

thats it, everyone goes back to pend and paper!

DragonsRule · 2016-03-22T20:08:43.000Z

RojoLoco:

Brendan Pitstop NZ:

only surprise is the level of nefariuos individuals on the planet

I’m no longer surprised by the actions of humans, we are the worst.

We’re also the best. And the only (as far as we know).