Keyloggers and Linux
This thread belongs to

2009-03-08 08:00 GMT   |   #1
A friend believes that someone put a h/w keylogger on her laptop. She
doesn't have the experience to pull apart the laptop to find it, and I'm too
far away to help. She's recently had trouble with restoring Win Vista to the
laptop, and it may be because her install DVDs are bad. To get her back on
her feet, I told her to install Fedora, which she is in the process of
doing. My question is how likely is that the keylogger will be effective
under Linux? I might think 0, since it seems likely a h/w keylogger would
more likely built for Win than Linux. Comments?
2009-03-08 10:38 GMT   |   #2
It's certainly possible to put a h/w logger.
Consider the USB flash memory device
"Micro Vault Tiny" by Sony: 1.25 inch x 0.56 inch x 0.13 inch,
and much of that is the USB connector.

The most likely mode of operation is: store keystrokes into
flash memory *whenever* they are typed. Dump the buffer
when next queried by accomplice software running on the CPU.
This could be the next boot or shutdown of Windows, or periodically.
Keystrokes under Linux would be vulnerable, particularly
on a dual-boot machine.

2009-03-08 11:20 GMT   |   #3
If its hardware it wouldn't matter what O/S you used !
However its unlikely to be hardware unless someone had the skills to
take the laptop apart and physically install it !

2009-03-08 12:53 GMT   |   #4
Not vulnerable if she never boots the infected Windows installation again, unless
whoever installed the logger breaks in again and carries off the flash memory.

Of course, it could be a pure hardware logger in which case it will work
with any OS, but more likely it is a pure software one and so will not
affect Linux at all.
2009-03-08 13:52 GMT   |   #5
I'd not think it'd be a hardware device, especially on a laptop, but if
this exists, your friend should call someone to take a look. I wonder
how this would have been installed in the first place? Unlikely would
a different OS installed would help (and if they can do that, they
should just have the hardware device removed or use a different
system), because it'll likely be between the keyboard and mother board
2009-03-08 15:20 GMT   |   #6
Surely this person can't be so daft as to not see a USB device sticking
out of a port on their laptop... Could they ??

2009-03-08 15:20 GMT   |   #7
Another USB device. If the person has a USB h/w logger on a laptop and
doesn't suspect it, they need to give up computing. It's no doubt possible
to install a laptop h/w logger inside the body, but would require very
skilled knowledge of both electronics and laptop construction.

I think the "friend" is either very paranoid or the OP is a troll.

2009-03-08 16:21 GMT   |   #8
You would have to inspect every inch of all USB devices to make sure
some in-line device wasn't installed, and you have to know the
function of each any every one.

And then again, some devices could be disguised as another USB device.

You might have some sort of cable storage system:
Perhaps it was modified.

A keyboard is a USB device. It could have a keystore logger built inside.
Have you opened it up and inspected the insides? What about the mouse?

People have lights, fans, and lots of other gadgets.

I like the frayed USB plug:
It looks like a gag, but has a secret function.

There there are devices that could be used as a logger, but look like
a power plug, like the SheevaPlug:

The government uses keystore loggers, and I'm sure their technology is
MUCH better that the toys I mentioned above.

Perhaps the cable itself is modified? Heh heh heh. Have you examined
every inch of the cable?

Frankly, a software keystroke logger is easier to install. Most
hackers would do that, because it's free.

IMHO The only ones who would use a hardware keystroke logger would be the
government, or someone who isn't a hacker, and buys something off the
shelf, like
2009-03-08 16:37 GMT   |   #9

That's a gag, not a keystroke logger. I'm sure the spy stores
sell real ones. Usually hackers make their own with a U3 drive, and a
modified Switchblade package. And then you only need to plug it in for
a few seconds....., and you can retrieve it remotely.

Here's a off-the-shelf device

You plug it in-line to the keyboard.

But you have to manually retrieve the data. Sad
And it's $80.
2009-03-08 18:44 GMT   |   #10
That USB flash memory device is merely an example of how small the
electronics can be. For another example, see the microSecureDigital
flash memory card of many cell phones. In many keyboards there is an
8051 microcontroller with microcode that controls the keyboard. The
communication with the CPU is over a one-wire, bi-directional serial line.
Change the 8051 microcode to record keystrokes to special-purpose flash
memory, and dump the buffer over the serial line on command frpm the CPU.

1 2nextlast