Are Hardware Keyloggers a security risk?
Short answer: Not Really, in most situations. Unless you are an organization that has extremely sensitive data, specifically when someone might know that fact, it shouldn’t be an absolute concern.
Let’s look at what a hardware keylogger is:
A hardware keylogger is typically a small device that is spliced into a keyboard’s connection. They monitor each keystroke that goes through the keyboard and record it. Using either special software, or a special code, the hardware keylogger will dump all of its’ data for someone to review it. Take a look at a few photos of hardware keyloggers to see what you may want to look out for. These kinds of hardware keyloggers are small, they do not stand out, and they look like normal devices. A hardware keylogger should not be confused for a PS2 to USB connector, which looks similar to many keyloggers.
According to Wikipedia:
“Hardware keyloggers are used for keystroke logging, a method of capturing and recording computer users’ keystrokes, including sensitive passwords. They can be implemented via BIOS-level firmware, or alternatively, via a device plugged inline between a computer keyboard and a computer. They log all keyboard activity to their internal memory.”
Hardware keyloggers can also be installed at a Firmware level on the Motherboard itself. These keyloggers are very uncommon as they must be individually programmed for each motherboard that will be logged.
Hardware keyloggers can also “sniff” out Wireless Keyboard signals, even over bluetooth or proprietary USB dongle connection. These are also not very common due to the amount of time they can take to make.
How can I protect myself from Hardware Keyloggers?
There is no “detection” software for hardware keyloggers. If you have highly sensitive data on a machine or server, check and make sure that the consoles in the server areas do not have any unnecessary devices attached or any devices spliced into your keyboard connection.
Prevent physical access to the machine by unauthorized persons by locking the machine up in a [physically] secure environment.
Other major keyloggers include Software keyloggers (they can be installed locally or remotely under an operating system), Acoustic Keyloggers (a rapidly developing technology), or even just video recording (place a small camera by a computer and record what’s going on).