What are keyloggers, and how do they work?

It’s 1976. The Cold War. An American diplomat stationed at the U.S. embassy in Moscow arrives at work Monday morning. Sitting down at his desk, he types up his reports on his IBM Selectric typewriter. He thinks he’s secure. Little does he know that every word he’s typing is being recorded.

His typewriter has been bugged by the Soviets using the world’s first ever keylogger: a miniaturized set of circuits crammed into a metal bar that ran along the typewriter. It was hidden from view and could record every key press and transmit the data in real time. It would take eight years for the Americans to discover this.

These days, however, keyloggers are disconcertingly common. In fact, recent studies have found thousands of popular websites unintentionally recording phrases typed into online forms before the user even hit “Submit.” In some cases though, keyloggers are used as spyware. Examples include companies monitoring employees and stalkers spying on exes.

What are keyloggers?

Keyloggers—short for keystroke loggers—are pieces of software or a physical device that records every keystroke you make on your computer or mobile device.

Basic keyloggers record keystroke inputs made on text files, while more advanced versions track everything from your copy-and-paste keyboard and GPS data, to your camera and microphone recordings.

Back in the day, you’d only find hardware-based keyloggers. However, given the digital age we live in, software keyloggers have risen to prominence. Let’s take a closer look at both.

Software keyloggers

Software keyloggers are by far the most common. Software keyloggers run in the background, sniffing out keystrokes and recording everything you write.

Hardware keyloggers

Hardware keyloggers are far less common than their software counterparts. After all, it’s easier to have someone download a file or click a link than secretly slip a USB stick into their laptop. That said, hardware keyloggers are sometimes built into your device either by the manufacturer or a third-party company.

Someone could even use a hidden camera to record your keystrokes, and these don’t even need to be attached to your computer. They can be placed in public spaces such as libraries or cafes.

How do keyloggers work?

You talk to your computer via keystrokes. Pressing a key sends a signal to your computer telling it what you want it to do.

Normally, this conversation between you and your computer is private. However, keyloggers act as nosy neighbors that listen in, track, and record every keystroke you make. They make note of which key is pressed, the velocity of that press, how long you press it for, and at what time you pressed the key.

All this data is then stored on a tiny file by the keylogger. Software keyloggers periodically transmit the saved data to the keylogger’s owner, while hardware keyloggers require the owner to physically retrieve the files.

Types of keyloggers

Despite their origins in the world of espionage, keyloggers have legitimate, legal uses. However, not every state or country requires keylogger users to legally ask for consent from the person the keylogger is monitoring.

For this reason, we’re dividing the uses of keyloggers into three categories: Legal consensual use, legal non-consensual use, and criminal use. Let’s start with the former.

Legal consensual use of keyloggers

• Monitor employees: Companies might use keyloggers to track what employees are doing on their company-issued devices. For this to be consensual, the employer must disclose the use of keyloggers in the employee’s contract, which then needs to be signed by the employee to consent the use of keyloggers.
• IT troubleshooting: In order to speed things up, an IT department might use keyloggers to diagnose and resolve IT issues.
• Company security: A company or organization might install keyloggers on company devices to monitor certain keywords or phrases which mention financially sensitive material that, if exposed, could damage the company. However, data breaches can leak information legally collected by a company.

Legal non-consensual use of keyloggers

Here we get to the more morally ambiguous uses of keyloggers. While the following examples aren’t illegal per say, using them for these purposes could violate a person’s privacy.

• Parental controls: Parents can install keyloggers onto their child’s devices to see what they’re up to on the internet. Some software even allows parents to receive alerts if their kids try accessing adult sites or other inappropriate content.
• For marketing purposes: Many websites in both the U.S. and the EU have been found collecting users’ email addresses without consent. This data is then used to bombard you with targeted ads. However, governments have been clamping down on these practices with privacy regulations.

Criminal uses of keyloggers

With the world becoming increasingly digitized, we’re sharing lots of sensitive personal information on our computers and phones. Every time you log into your online banking, you’re sharing your password and other personal security information with your device. If there’s a keylogger snooping in, this information might be illegally recorded and then sold on the dark web or exploited by hackers.

Other criminal uses of keyloggers include stealing a spouse’s online account information, or stalking a non-consenting person such as an ex, friend, or stranger.

How to detect keyloggers

Keyloggers are often stealthy, making detection troublesome but not impossible. Here are a few of the telltale signs there’s a keylogger on your phone or computer:

• Things are slower than usual: Recording and sending information of all your keystrokes might cause your device performance to slow down.
• Your settings have changed: Is your computer defaulting to a new browser you didn’t authorize? Or perhaps a new toolbar has popped up out of nowhere? These might be signs there’s a keylogger on your system.
• Sudden crashes or freezes: Similar to the first point, transmitting all that keylogging data could stress your system, causing apps or your entire device to crash.

These signs, however, only apply to poorly designed keyloggers. Many keyloggers are almost impossible to detect. Particularly tenacious keyloggers may bury themselves deep on your device’s operating system where they’re hard to find.

And when it comes to hardware keyloggers, things are even more challenging. Only by physically taking apart your device do you have a chance of detecting the keylogger. This should only be attempted by a qualified technician.

How to protect against keyloggers

• Keyloggers are sometimes downloaded as malware. Avoid clicking on suspicious pop-ups, links, or attachments, especially from unfamiliar sources. The same goes for downloading files from third-party sites and other untrustworthy sources.
• Keyloggers could be used to record your account passwords. Using two-factor authentication is one way to mitigate this risk. Your password alone isn’t enough to break into your account when you have 2FA turned on. Even if a keylogger records a password, the attacker on the other end will be unable to use it to access your account.
• When it comes to hardware keyloggers, your first priority is to never leave your device unattended in a public place. It only takes a moment for a criminal to slide a USB into your device and download a keylogger.
• Be mindful of using unfamiliar USB sticks or external hard drives. Hackers can pre-installed keyloggers onto these drives, which are then downloaded to your device once you plug them in.
• Install high-quality antivirus software. Many antivirus programs have added known keyloggers to their databases and can identify them and alert you.