# Keystroke logging

> Mediated Wiki article. Canonical URL: https://mediated.wiki/source/Keystroke_logging
> Markdown URL: https://mediated.wiki/source/Keystroke_logging.md
> Source: https://en.wikipedia.org/wiki/Keystroke_logging
> Source revision: 1354575240
> License: Creative Commons Attribution-ShareAlike 4.0 International (https://creativecommons.org/licenses/by-sa/4.0/)

Action of recording the keys struck on a keyboard

Part of a series on Computer hacking History Phreaking Cryptovirology Hacking of consumer electronics List of hackers Hacker culture and ethic Hackathon Hacker Manifesto Hackerspace Hacktivism Maker culture Types of hackers Black hat Grey hat White hat Conferences Black Hat (conference) Chaos Communication Congress DEF CON Hackers on Planet Earth Security BSides ShmooCon Summercon Cybercrime Crimeware List of cybercriminals Script kiddie Hacking tools Exploit forensics-focused operating systems Payload Social engineering Vulnerability Practice sites HackThisSite Zone-H Malware Rootkit Backdoor Trojan horse Virus Worm Spyware Ransomware Logic bomb Botnet Keystroke logging HIDS Web shell RCE Infostealer Computer security Application security Cloud computing security Network security Groups Anonymous Chaos Computer Club Homebrew Computer Club (defunct) Legion of Doom (defunct) LulzSec (defunct) Masters of Deception (defunct) Red team / Blue team Publications 2600: The Hacker Quarterly Hacker News Nuts and Volts Phrack v t e

**Keystroke logging**, often referred to as **keylogging** or **keyboard capturing**, is the action of recording ([logging](/source/Logging_(computing))) the keys pressed on a [keyboard](/source/Computer_keyboard),[1][2] typically covertly, so that a person using the keyboard is unaware that their actions are being monitored. Data can then be retrieved by the person operating the logging program. A **keystroke recorder** or **keylogger** can be either [software](/source/Software) or [hardware](/source/Computer_hardware).

While the programs themselves are legal,[3] with many designed to allow employers to oversee the use of their computers, keyloggers are most often used for stealing passwords and other [confidential information](/source/Confidential_information).[4][5] Keystroke logging can also be utilized to monitor activities of children in schools or at home and by law enforcement officials to investigate malicious usage.[6]

Keylogging can also be used to study [keystroke dynamics](/source/Keystroke_dynamics)[7] or [human-computer interaction](/source/Human%E2%80%93computer_interaction). Numerous keylogging methods exist, ranging from hardware and [software](/source/Software)-based approaches to [acoustic cryptanalysis](/source/Acoustic_cryptanalysis).

## History

In the mid-1970s, the [Soviet Union](/source/Soviet_Union) developed and deployed a hardware keylogger targeting [US Embassy](/source/US_Embassy) [typewriters](/source/Typewriter). Termed the "selectric bug", it transmitted the typed characters on [IBM Selectric](/source/IBM_Selectric) typewriters via magnetic detection of the mechanisms causing rotation of the print head.[8] An early keylogger was written by [Perry Kivolowitz](/source/Perry_Kivolowitz) and posted to the [Usenet newsgroup](/source/Usenet_newsgroup) net.unix-wizards, net.sources on November 17, 1983.[9] The posting seems to be a motivating factor in restricting access to /dev/kmem on [Unix](/source/Unix) systems. The [user-mode](/source/User-mode) program operated by locating and dumping character lists (clients) as they were assembled in the Unix kernel.

In the 1970s, spies installed keystroke loggers in the [US Embassy](/source/Embassy_of_the_United_States%2C_Moscow) and Consulate buildings in [Moscow](/source/Moscow).[10][11] They installed the bugs in [Selectric](/source/Selectric) II and Selectric III electric typewriters.[12]

Soviet embassies used manual typewriters, rather than electric typewriters, for [classified information](/source/Classified_information)—apparently because they are immune to such bugs.[12] As of 2013, Russian special services still use typewriters.[11][13][14]

## Application of keylogger

### Software-based keyloggers

A keylogger example of a screen capture, which holds potentially confidential and private information. The image below holds the corresponding keylogger text result.

A [logfile](/source/Logfile) from a software-based keylogger, based on the screen capture above

A software-based keylogger is a computer program designed to record any input from the keyboard.[15] Keyloggers are used in [IT](/source/Information_technology) organizations to troubleshoot technical problems with computers and business networks. Families and businesspeople use keyloggers legally to monitor network usage without their users' direct knowledge. [Microsoft](/source/Microsoft) publicly stated that [Windows 10](/source/Windows_10) has a built-in keylogger in its final version "to improve typing and writing services".[16] However, malicious individuals can use keyloggers on public computers to steal passwords or credit card information. Most keyloggers are not stopped by [HTTPS](/source/HTTP_Secure) encryption because that only protects [data in transit](/source/Data_in_transit) between computers; software-based keyloggers run on the affected user's computer, reading keyboard inputs directly as the user types.

From a technical perspective, there are several categories:

- **Hypervisor-based**: The keylogger can theoretically reside in a [malware](/source/Malware) [hypervisor](/source/Hypervisor) running underneath the operating system, which thus remains untouched. It effectively becomes a [virtual machine](/source/Virtual_machine). [Blue Pill](/source/Blue_Pill_(software)) is a conceptual example.

- **[Kernel](/source/Kernel_(operating_system))-based**: A program on the machine obtains [root access](/source/Superuser) to hide in the OS and intercepts keystrokes that pass through the kernel. This method is difficult both to write and to combat. Such keyloggers reside at the [kernel level](/source/Ring_(computer_security)), which makes them difficult to detect, especially for user-mode applications that do not have root access. They are frequently implemented as [rootkits](/source/Rootkit) that subvert the operating system kernel to gain unauthorized access to the hardware. This makes them very powerful. A keylogger using this method can act as a keyboard [device driver](/source/Device_driver), for example, and thus gain access to any information typed on the keyboard as it goes to the operating system.

- **API-based**: These keyloggers [hook](/source/Hooking) keyboard [APIs](/source/Application_programming_interface) inside a running application. The keylogger registers keystroke events as if it was a normal piece of the application instead of malware. The keylogger receives an [event](/source/Event_(computing)) each time the user presses or releases a key. The keylogger simply records it. This is usually done by inject a [DLL](/source/Dynamic_link_library) to other processes.[17] - Windows APIs such as GetAsyncKeyState(), GetForegroundWindow(), etc. are used to poll the state of the keyboard or to subscribe to keyboard events.[18] A more recent[*[when?](https://en.wikipedia.org/wiki/Wikipedia:Manual_of_Style/Dates_and_numbers#Chronological_items)*] example simply polls the [BIOS](/source/BIOS) for pre-boot authentication [PINs](/source/Personal_identification_number) that have not been cleared from memory.[19]

- **Form grabbing based**: [Form grabbing](/source/Form_grabbing)-based keyloggers log [Web form](/source/Form_(web)) submissions by recording the form data on submit events. This happens when the user completes a form and submits it, usually by clicking a button or pressing enter. This type of keylogger records form data before it is passed over the Internet.

- **IME-based**: A malicious [IME](/source/Input_method_editor) can do keylogging.

- **[JavaScript](/source/JavaScript)-based:** A malicious script tag is injected into a targeted web page, and listens for key events such as onKeyUp(). Scripts can be injected via a variety of methods, including [cross-site scripting](/source/Cross-site_scripting), [man-in-the-browser](/source/Man-in-the-browser), [man-in-the-middle](/source/Man-in-the-middle_attack), or a compromise of the remote website.[20]

- **Memory-injection-based**: Memory Injection ([MitB](/source/Man-in-the-browser))-based keyloggers perform their logging function by altering the memory tables associated with the browser and other system functions. By patching the memory tables or injecting directly into memory, this technique can be used by malware authors to bypass Windows UAC (User Account Control). The [Zeus](/source/Zeus_(malware)) and [SpyEye](/source/SpyEye_trojan) trojans use this method exclusively.[21] Non-Windows systems have protection mechanisms that allow access to locally recorded data from a remote location.[22] Remote communication may be achieved when one of these methods is used: - Data is uploaded to a website, database or an [FTP](/source/File_Transfer_Protocol) server. - Data is periodically emailed to a pre-defined [email address](/source/Email_address). - Data is [wirelessly](/source/Wireless) transmitted employing an attached hardware system. - The software enables a remote login to the local machine from the Internet or the local network, for data logs stored on the target machine.

#### Keystroke logging in writing process research

Since 2006, keystroke logging has been an established research method for the study of writing processes.[23][24] Different programs have been developed to collect online process data of writing activities,[25] including [Inputlog](/source/Inputlog), Scriptlog, Translog, GGXLog, and TypeFlow.[26][27]

Keystroke logging is used legitimately as a suitable research instrument in several writing contexts. These include studies on cognitive writing processes, which include

- descriptions of writing strategies; the writing development of children (with and without writing difficulties),

- spelling,

- first and second language writing, and

- specialist skill areas such as translation and subtitling.

Keystroke logging can be used to research writing, specifically. It can also be integrated into educational domains for second language learning, programming skills, and typing skills.

#### Keystroke logging as a secure defense

Recently, there has been extensive research completed into the use of keystroke logging data not only as a form of attack, but also as a form of behavioral defense for users. A 2020 study, “Passphrase and Keystroke Dynamics Authentication” by Ahmed and Traore evaluated whether keystroke-dynamics models could support the strategy of continuous authentication. Continuous authentication is a prevention strategy that takes advantage of the users normal behaviors to establish a baseline, and then checks for deviations from that baseline to detect adversarial activity. This study analyzed the performance of several machine learning classifiers to identify user typing patterns, latencies, and timing. The authors found that even small deviations in typing patterns could be strong indicators of impersonations. This suggests that keystroke logging data can serve defensive purposes when captured ethically and with the users permission.[28]

This study also reported that machine learning models trained on genuine typing behavior achieved low false acceptance and false rejection rates in most instances, showing that the use of continuous authentication systems can operate with low error rates. They also found that the typing patterns of most people have enough discriminatory signals that you could create a personal profile based on the typing habits alone. This shows that the same core exploits used by malicious attackers can also form the basis of security systems designed to protect users from intrusions and impersonations. The authors concluded that while keystroke-dynamics authentication is promising, its deployment must carefully balance security, usability, and privacy considerations for the optimal user experience.

#### Related features

Software keyloggers may be augmented with features that capture user information without relying on keyboard key presses as the sole input. Some of these features include:

- Clipboard logging. Anything that has been copied to the [clipboard](/source/Clipboard_(software)) can be captured by the program.

- Screen logging. [Screenshots](/source/Screenshot) are taken to capture graphics-based information. Applications with screen logging abilities may take screenshots of the whole screen, of just one application, or even just around the mouse cursor. They may take these screenshots periodically or in response to user behaviors (for example, when a user clicks the mouse). Screen logging can be used to capture data inputted with an on-screen keyboard.

- Programmatically capturing the text in a [control](/source/GUI_widget). The [Microsoft Windows](/source/Microsoft_Windows) [API](/source/Application_programming_interface) allows programs to request the text 'value' in some controls. This means that some passwords may be captured, even if they are hidden behind password masks (usually asterisks).[29]

- The recording of every program/folder/window opened including a screenshot of every website visited.

- The recording of [search engines queries](/source/Web_search_query), [instant messenger](/source/Instant_messenger) conversations, FTP downloads and other Internet-based activities (including the bandwidth used).

### Hardware-based keyloggers

A hardware-based keylogger

A connected hardware-based keylogger

Main article: [Hardware keylogger](/source/Hardware_keylogger)

Hardware-based keyloggers do not depend upon any software being installed as they exist at a hardware level in a computer system.

- Firmware-based: [BIOS](/source/BIOS)-level [firmware](/source/Firmware) that handles keyboard events can be modified to record these events as they are processed. Physical and/or [root-level access](/source/Superuser) is required to the machine, and the software loaded into the BIOS needs to be created for the specific hardware that it will be running on.[30]

- Keyboard hardware: Hardware keyloggers are used for keystroke logging utilizing a hardware circuit that is attached somewhere in between the [computer keyboard](/source/Computer_keyboard) and the computer, typically inline with the keyboard's cable connector. There are also [USB](/source/Universal_Serial_Bus) connector-based hardware keyloggers, as well as ones for laptop computers (the [Mini-PCI](/source/Mini-PCI) card plugs into the expansion slot of a laptop). More stealthy implementations can be installed or built into standard keyboards so that no device is visible on the external cable. Both types log all keyboard activity to their [internal memory](/source/Primary_storage), which can be subsequently accessed, for example, by typing in a secret key sequence. Hardware keyloggers do not require any software to be installed on a target user's computer, therefore not interfering with the computer's operation and less likely to be detected by software running on it. However, its physical presence may be detected if, for example, it is installed outside the case as an inline device between the computer and the keyboard. Some of these implementations can be controlled and monitored remotely using a wireless communication standard.[31]

- Wireless keyboard and mouse [sniffers](/source/Sniffer_(protocol_analyzer)): These passive sniffers collect packets of data being transferred from a wireless keyboard and its receiver. As encryption may be used to secure the wireless communications between the two devices, this may need to be cracked beforehand if the transmissions are to be read. In some cases, this enables an attacker to type arbitrary commands into a victim's computer.[32]

- Keyboard overlays: Criminals have been known to use keyboard overlays on [ATMs](/source/Automated_teller_machine) to capture people's PINs. Each keypress is registered by the keyboard of the ATM as well as the criminal's keypad that is placed over it. The device is designed to look like an integrated part of the machine so that bank customers are unaware of its presence.[33]

- Acoustic keyloggers: [Acoustic cryptanalysis](/source/Acoustic_cryptanalysis) can be used to monitor the sound created by someone typing on a computer. Each key on the keyboard makes a subtly different acoustic signature when struck. It is then possible to identify which keystroke signature relates to which keyboard character via [statistical methods](/source/Statistics) such as [frequency analysis](/source/Frequency_analysis). The repetition frequency of similar acoustic keystroke signatures, the timings between different keyboard strokes and other context information such as the probable language in which the user is writing are used in this analysis to map sounds to letters.[34] A fairly long recording (1000 or more keystrokes) is required so that a large enough [sample](/source/Sample_(statistics)) is collected.[35]

- Electromagnetic emissions: It is possible to capture the [electromagnetic emissions](/source/Electromagnetic_radiation) of a wired keyboard from up to 20 metres (66 ft) away, without being physically wired to it.[36] In 2009, Swiss researchers tested 11 different [USB](/source/Universal_Serial_Bus), [PS/2](/source/IBM_Personal_System%2F2) and laptop keyboards in a semi-[anechoic chamber](/source/Anechoic_chamber) and found them all vulnerable, primarily because of the prohibitive cost of adding [shielding](/source/Electromagnetic_shielding) during manufacture.[37] The researchers used a wide-band [receiver](/source/Receiver_(radio)) to tune into the specific frequency of the emissions radiated from the keyboards.

- Optical surveillance: Optical surveillance, while not a keylogger in the classical sense, is nonetheless an approach that can be used to capture passwords or [PINs](/source/Personal_identification_number). A strategically placed camera, such as a hidden [surveillance camera](/source/Surveillance_camera) at an [ATM](/source/Automated_teller_machine), can allow a criminal to watch a PIN or password being entered.[38][39]

- Physical evidence: For a keypad that is used only to enter a security code, the keys which are in actual use will have evidence of use from many fingerprints. A passcode of four digits, if the four digits in question are known, is reduced from 10,000 possibilities to just 24 possibilities (104 versus 4! [[factorial](/source/Factorial) of 4]). These could then be used on separate occasions for a manual "brute force attack".

- [Smartphone](/source/Smartphone) sensors: Researchers have demonstrated that it is possible to capture the keystrokes of nearby computer keyboards using only the commodity [accelerometer](/source/Accelerometer) found in smartphones.[40] The attack is made possible by placing a smartphone near a keyboard on the same desk. The smartphone's accelerometer can then detect the vibrations created by typing on the keyboard and then translate this raw accelerometer signal into readable sentences with as much as 80 percent accuracy. The technique involves working through probability by detecting pairs of keystrokes, rather than individual keys. It models "keyboard events" in pairs and then works out whether the pair of keys pressed is on the left or the right side of the keyboard and whether they are close together or far apart on the [QWERTY](/source/QWERTY) keyboard. Once it has worked this out, it compares the results to a preloaded dictionary where each word has been broken down in the same way.[41] Similar techniques have also been shown to be effective at capturing keystrokes on touchscreen keyboards[42][43][44] while in some cases, in combination with [gyroscope](/source/Gyroscope)[45][46] or with the ambient-light sensor.[47]

- Body keyloggers: Body keyloggers track and analyze body movements to determine which keys were pressed. The attacker needs to be familiar with the keys layout of the tracked keyboard to correlate between body movements and keys position, although with a suitably large sample this can be deduced. Tracking audible signals of the user' interface (e.g. a sound the device produce to informs the user that a keystroke was logged) may reduce the complexity of the body keylogging algorithms, as it marks the moment at which a key was pressed.[48]

## Cracking

Writing simple software applications for keylogging can be trivial, and like any nefarious computer program, can be distributed as a [trojan horse](/source/Trojan_horse_(computing)) or as part of a [virus](/source/Computer_virus). What is not trivial for an attacker, however, is installing a covert keystroke logger without getting caught and downloading data that has been logged without being traced. An attacker that manually connects to a host machine to download logged keystrokes risks being traced. A trojan that sends keylogged data to a fixed e-mail address or [IP address](/source/IP_address) risks exposing the attacker.

### Trojans

Researchers Adam Young and Moti Yung discussed several methods of sending keystroke logging. They presented a deniable password snatching attack in which the keystroke logging trojan is installed using a virus or [worm](/source/Computer_worm). An attacker who is caught with the virus or worm can claim to be a victim. The [cryptotrojan](/source/Cryptotrojan) asymmetrically encrypts the pilfered login/password pairs using the [public key](/source/Public_key) of the trojan author and covertly broadcasts the resulting [ciphertext](/source/Ciphertext). They mentioned that the ciphertext can be [steganographically](/source/Steganography) encoded and posted to a public bulletin board such as [Usenet](/source/Usenet).[49][50]

### Use by police

In 2000, the [FBI](/source/Federal_Bureau_of_Investigation) used FlashCrest iSpy to obtain the [PGP](/source/Pretty_Good_Privacy) [passphrase](/source/Passphrase) of [Nicodemo Scarfo, Jr.](/source/Nicodemo_Scarfo%2C_Jr.), son of mob boss [Nicodemo Scarfo](/source/Nicodemo_Scarfo).[51] Also in 2000, the FBI lured two suspected Russian [cybercriminals](/source/Cybercriminal) to the US in an elaborate ruse, and captured their usernames and passwords with a keylogger that was covertly installed on a machine that they used to access their computers in [Russia](/source/Russia). The FBI then used these credentials to gain access to the suspects' computers in Russia to obtain evidence to prosecute them.[52]

## Countermeasures

The effectiveness of countermeasures varies because keyloggers use a variety of techniques to capture data and the countermeasure needs to be effective against the particular data capture technique. In the case of Windows 10 keylogging by Microsoft, changing certain privacy settings may disable it.[53] An on-screen keyboard will be effective against hardware keyloggers; transparency[*[clarification needed](https://en.wikipedia.org/wiki/Wikipedia:Please_clarify)*] will defeat some—but not all—screen loggers. An [anti-spyware](/source/Anti-spyware) application that can only disable hook-based keyloggers will be ineffective against kernel-based keyloggers.

Keylogger program authors may be able to update their program's code to adapt to countermeasures that have proven effective against it.

### Anti-keyloggers

Main article: [Anti-keylogger](/source/Anti-keylogger)

An [anti-keylogger](/source/Anti-keylogger) is a piece of [software](/source/Software) specifically designed to detect keyloggers on a computer, typically comparing all files in the computer against a database of keyloggers, looking for similarities which might indicate the presence of a hidden keylogger. As anti-keyloggers have been designed specifically to detect keyloggers, they have the potential to be more effective than conventional antivirus software; some antivirus software do not consider keyloggers to be malware, as under some circumstances a keylogger can be considered a legitimate piece of software.[54]

### Live CD/USB

Rebooting the computer using a [Live CD](/source/Live_CD) or write-protected [Live USB](/source/Live_USB) is a possible countermeasure against software keyloggers if the CD is clean of malware and the operating system contained on it is secured and fully patched so that it cannot be infected as soon as it is started. Booting a different operating system does not impact the use of a hardware or BIOS based keylogger.

### Anti-spyware / Anti-virus programs

Many [anti-spyware](/source/Anti-spyware) applications can detect some software based keyloggers and quarantine, disable, or remove them. However, because many keylogging programs are legitimate pieces of software under some circumstances, anti-spyware often neglects to label keylogging programs as spyware or a virus. These applications can detect software-based keyloggers based on patterns in [executable code](/source/Subroutine), [heuristics](/source/Heuristics) and keylogger behaviors (such as the use of [hooks](/source/Hooking) and certain [APIs](/source/Application_programming_interface)).

No software-based anti-spyware application can be 100% effective against all keyloggers.[55] Software-based anti-spyware cannot defeat non-software keyloggers (for example, hardware keyloggers attached to keyboards will always receive keystrokes before any software-based anti-spyware application).

The particular technique that the anti-spyware application uses will influence its potential effectiveness against software keyloggers. As a general rule, anti-spyware applications with [higher privileges](/source/Ring_(computer_security)) will defeat keyloggers with lower privileges. For example, a hook-based anti-spyware application cannot defeat a kernel-based keylogger (as the keylogger will receive the keystroke messages before the anti-spyware application), but it could potentially defeat hook- and API-based keyloggers.

### Network monitors

[Network monitors](/source/Network_monitoring) (also known as reverse-firewalls) can be used to alert the user whenever an application attempts to make a network connection. This gives the user the chance to prevent the keylogger from "[phoning home](/source/Phoning_home)" with their typed information.

### Automatic form filler programs

Main article: [Form filler](/source/Form_filler)

Automatic form-filling programs may prevent keylogging by removing the requirement for a user to type personal details and passwords using the keyboard. [Form fillers](/source/Form_filler) are primarily designed for [Web browsers](/source/Web_browser) to fill in checkout pages and log users into their accounts. Once the user's account and [credit card](/source/Credit_card) information has been entered into the program, it will be automatically entered into forms without ever using the keyboard or [clipboard](/source/Clipboard_(software)), thereby reducing the possibility that private data is being recorded. However, someone with physical access to the machine may still be able to install software that can intercept this information elsewhere in the operating system or while in transit on the network. ([Transport Layer Security](/source/Transport_Layer_Security) (TLS) reduces the risk that data in transit may be intercepted by [network sniffers](/source/Packet_analyzer) and [proxy tools](/source/Proxy_server).)

### One-time passwords (OTP)

Using [one-time passwords](/source/One-time_password) may prevent unauthorized access to an account which has had its login details exposed to an attacker via a keylogger, as each password is invalidated as soon as it is used. This solution may be useful for someone using a public computer. However, an attacker who has remote control over such a computer can simply wait for the victim to enter their credentials before performing unauthorized transactions on their behalf while their session is active.

Another common way to protect access codes from being stolen by keystroke loggers is by asking users to provide a few randomly selected characters from their authentication code. For example, they might be asked to enter the 2nd, 5th, and 8th characters. Even if someone is watching the user or using a keystroke logger, they would only get a few characters from the code without knowing their positions.[56]

### Security tokens

Use of [smart cards](/source/Smart_card) or other [security tokens](/source/Security_token) may improve security against [replay attacks](/source/Replay_attack) in the face of a successful keylogging attack, as accessing protected information would require both the (hardware) security token as well as the appropriate password/passphrase. Knowing the keystrokes, mouse actions, display, clipboard, etc. used on one computer will not subsequently help an attacker gain access to the protected resource. Some security tokens work as a type of hardware-assisted one-time password system, and others implement a cryptographic [challenge–response authentication](/source/Challenge%E2%80%93response_authentication), which can improve security in a manner conceptually similar to one time passwords. [Smartcard readers](/source/Card_reader) and their associated keypads for [PIN](/source/Personal_identification_number) entry may be vulnerable to keystroke logging through a so-called [supply chain attack](/source/Supply_chain_attack)[57] where an attacker substitutes the card reader/PIN entry hardware for one which records the user's PIN.

### On-screen keyboards

Most on-screen keyboards (such as the on-screen keyboard that comes with [Windows XP](/source/Windows_XP)) send normal keyboard event messages to the external target program to type text. Software key loggers can log these typed characters sent from one program to another.[58]

### Keystroke interference software

Keystroke interference software is also available.[59] These programs attempt to trick keyloggers by introducing random keystrokes, although this simply results in the keylogger recording more information than it needs to. An attacker has the task of extracting the keystrokes of interest—the security of this mechanism, specifically how well it stands up to [cryptanalysis](/source/Cryptanalysis), is unclear.

### Operating system built-in security

Since [Windows Vista](/source/Windows_Vista), a software to inject DLL requires the [UAC](/source/User_Account_Control) administrative rights,[60] and all drivers must have the legal [digital signature](/source/Digital_signature). Since [Windows 11](/source/Windows_11), it requires [Secure Boot](/source/Secure_Boot), and if [Secure Boot](/source/Secure_Boot) is enabled, only [WHQL](/source/WHQL) validated drivers are allowed.[61] Since [Windows 11, version 24H2](/source/Windows_11%2C_version_24H2), it added [app permissions](/source/App_permissions) control for Screenshot and Screen Recording.

### Speech recognition

Similar to on-screen keyboards, [speech-to-text conversion](/source/Speech_recognition) software can also be used against keyloggers, since there are no typing or mouse movements involved. The weakest point of using voice-recognition software may be how the software sends the recognized text to target software after the user's speech has been processed.

### Handwriting recognition and mouse gestures

Many [PDAs](/source/Personal_digital_assistant) and lately [tablet PCs](/source/Tablet_computer) can already convert pen (also called stylus) movements on their [touchscreens](/source/Touchscreen) to computer understandable text successfully. [Mouse gestures](/source/Mouse_gestures) use this principle by using mouse movements instead of a stylus. Mouse gesture programs convert these strokes to user-definable actions, such as typing text. Similarly, [graphics tablets](/source/Graphics_tablet) and [light pens](/source/Light_pen) can be used to input these gestures, however, these are becoming less common.[*[timeframe?](https://en.wikipedia.org/wiki/Wikipedia:Manual_of_Style/Words_to_watch#Relative_time_references)*]

The same potential weakness of speech recognition applies to this technique as well.

### Macro expanders/recorders

With the help of many programs, a seemingly meaningless text can be expanded to a meaningful text and most of the time context-sensitively, e.g. "en.wikipedia.org" can be expanded when a web browser window has the focus. The biggest weakness of this technique is that these programs send their keystrokes directly to the target program. However, this can be overcome by using [the 'alternating' technique described below](#_Nontechnological_methods), i.e. sending mouse clicks to non-responsive areas of the target program, sending meaningless keys, sending another mouse click to the target area (e.g. password field) and switching back-and-forth.

### Deceptive typing

Alternating between typing the login credentials and typing characters somewhere else in the focus window[62] can cause a keylogger to record more information than it needs to, but this could be easily filtered out by an attacker. Similarly, a user can move their cursor using the mouse while typing, causing the logged keystrokes to be in the wrong order e.g., by typing a password beginning with the last letter and then using the mouse to move the cursor for each subsequent letter. Lastly, someone can also use [context menus](/source/Context_menu) to remove, [cut, copy, and paste](/source/Cut%2C_copy%2C_and_paste) parts of the typed text without using the keyboard. An attacker who can capture only parts of a password will have a larger [key space](/source/Key_space_(cryptography)) to attack if they choose to execute a [brute-force attack](/source/Brute-force_attack).

Another very similar technique uses the fact that any selected text portion is replaced by the next key typed. e.g., if the password is "secret", one could type "s", then some dummy keys "asdf". These dummy characters could then be selected with the mouse, and the next character from the password "e" typed, which replaces the dummy characters "asdf".

These techniques assume incorrectly that keystroke logging software cannot directly monitor the clipboard, the selected text in a form, or take a screenshot every time a keystroke or mouse click occurs. They may, however, be effective against some hardware keyloggers.

## See also

- [Anti-keylogger](/source/Anti-keylogger)

- [Black-bag cryptanalysis](/source/Black-bag_cryptanalysis)

- [Computer surveillance](/source/Computer_surveillance)

- [Cybercrime](/source/Cybercrime)

- [Digital footprint](/source/Digital_footprint)

- [Hardware keylogger](/source/Hardware_keylogger)

- [Reverse connection](/source/Reverse_connection)

- [Session replay](/source/Session_replay)

- [Spyware](/source/Spyware)

- [Trojan horse](/source/Trojan_horse_(computing))

- [Virtual keyboard](/source/Virtual_keyboard)

- [Web tracking](/source/Web_tracking)

## References

1. **[^](#cite_ref-1)** Nyang, DaeHun; Mohaisen, Aziz; Kang, Jeonil (2014-11-01). "Keylogging-Resistant Visual Authentication Protocols". *IEEE Transactions on Mobile Computing*. **13** (11): 2566–2579. [Bibcode](/source/Bibcode_(identifier)):[2014ITMC...13.2566N](https://ui.adsabs.harvard.edu/abs/2014ITMC...13.2566N). [doi](/source/Doi_(identifier)):[10.1109/TMC.2014.2307331](https://doi.org/10.1109%2FTMC.2014.2307331). [ISSN](/source/ISSN_(identifier)) [1536-1233](https://search.worldcat.org/issn/1536-1233). [S2CID](/source/S2CID_(identifier)) [8161528](https://api.semanticscholar.org/CorpusID:8161528).

1. **[^](#cite_ref-2)** Conijn, Rianne; Cook, Christine; van Zaanen, Menno; Van Waes, Luuk (2021-08-24). ["Early prediction of writing quality using keystroke logging"](https://doi.org/10.1007%2Fs40593-021-00268-w). *International Journal of Artificial Intelligence in Education*. **32** (4): 835–866. [doi](/source/Doi_(identifier)):[10.1007/s40593-021-00268-w](https://doi.org/10.1007%2Fs40593-021-00268-w). [hdl](/source/Hdl_(identifier)):[10067/1801420151162165141](https://hdl.handle.net/10067%2F1801420151162165141). [ISSN](/source/ISSN_(identifier)) [1560-4292](https://search.worldcat.org/issn/1560-4292). [S2CID](/source/S2CID_(identifier)) [238703970](https://api.semanticscholar.org/CorpusID:238703970).

1. **[^](#cite_ref-3)** [Use of legal software products for computer monitoring](https://www.keylogger.org/keylogger.html#h_8), keylogger.org

1. **[^](#cite_ref-4)** ["Keylogger"](https://web.archive.org/web/20130911175015/http://oxforddictionaries.com/definition/english/keylogger). Oxford dictionaries. Archived from [the original](http://oxforddictionaries.com/definition/english/keylogger) on 2013-09-11. Retrieved 2013-08-03.

1. **[^](#cite_ref-5)** [Keyloggers: How they work and how to detect them (Part 1)](https://securelist.com/keyloggers-how-they-work-and-how-to-detect-them-part-1/36138/), *Secure List*, "Today, keyloggers are mainly used to steal user data relating to various online payment systems, and virus writers are constantly writing new keylogger Trojans for this very purpose."

1. **[^](#cite_ref-6)** Rai, Swarnima; Choubey, Vaaruni; Suryansh; Garg, Puneet (2022-07-08). "A Systematic Review of Encryption and Keylogging for Computer System Security". *2022 Fifth International Conference on Computational Intelligence and Communication Technologies (CCICT)*. IEEE. pp. 157–163. [doi](/source/Doi_(identifier)):[10.1109/CCiCT56684.2022.00039](https://doi.org/10.1109%2FCCiCT56684.2022.00039). [ISBN](/source/ISBN_(identifier)) [978-1-6654-7224-1](https://en.wikipedia.org/wiki/Special:BookSources/978-1-6654-7224-1). [S2CID](/source/S2CID_(identifier)) [252849669](https://api.semanticscholar.org/CorpusID:252849669).

1. **[^](#cite_ref-7)** Stefan, Deian, Xiaokui Shu, and [Danfeng Daphne Yao](/source/Danfeng_Yao). "[Robustness of keystroke-dynamics based biometrics against synthetic forgeries](http://cseweb.ucsd.edu/~dstefan/pubs/stefan:2011:robust.pdf)." computers & security 31.1 (2012): 109-121.

1. **[^](#cite_ref-8)** ["Selectric bug"](http://www.cryptomuseum.com/covert/bugs/selectric/index.htm).

1. **[^](#cite_ref-9)** ["The Security Digest Archives"](http://securitydigest.org/unix/archive/006). Retrieved 2009-11-22.

1. **[^](#cite_ref-10)** ["Soviet Spies Bugged World's First Electronic Typewriters"](https://web.archive.org/web/20131220110339/http://www.qccglobal.com/news/first-keystroke-logger.php). *qccglobal.com*. Archived from [the original](http://www.qccglobal.com/news/first-keystroke-logger.php) on 2013-12-20. Retrieved 2013-12-20.

1. ^ [***a***](#cite_ref-ingersoll_11-0) [***b***](#cite_ref-ingersoll_11-1) Geoffrey Ingersoll. ["Russia Turns To Typewriters To Protect Against Cyber Espionage"](http://www.businessinsider.com/russia-turns-to-typewriters-for-secrets-2013-7). 2013.

1. ^ [***a***](#cite_ref-gunman_12-0) [***b***](#cite_ref-gunman_12-1) Sharon A. Maneki. ["Learning from the Enemy: The GUNMAN Project"](http://www.nsa.gov/about/_files/cryptologic_heritage/center_crypt_history/publications/learning_from_the_enemy_the_gunman_project.pdf) [Archived](https://web.archive.org/web/20171203032854/https://www.nsa.gov/about/_files/cryptologic_heritage/center_crypt_history/publications/learning_from_the_enemy_the_gunman_project.pdf) 2017-12-03 at the [Wayback Machine](/source/Wayback_Machine). 2012.

1. **[^](#cite_ref-13)** Agence France-Presse, Associated Press (13 July 2013). ["Wanted: 20 electric typewriters for Russia to avoid leaks"](http://technology.inquirer.net/27149/wanted-20-electric-typewriters-for-russia-to-avoid-leaks). *inquirer.net*.

1. **[^](#cite_ref-14)** Anna Arutunyan. ["Russian security agency to buy typewriters to avoid surveillance"](http://themoscownews.com/russia/20130711/191758523/Russian-security-agency-to-buy-typewriters-to-avoid-surveillance.html) [Archived](https://web.archive.org/web/20131221071647/http://themoscownews.com/russia/20130711/191758523/Russian-security-agency-to-buy-typewriters-to-avoid-surveillance.html) 2013-12-21 at the [Wayback Machine](/source/Wayback_Machine).

1. **[^](#cite_ref-15)** ["What is a Keylogger?"](http://www.pctools.com/security-news/what-is-a-keylogger/). PC Tools.

1. **[^](#cite_ref-16)** Caleb Chen (2017-03-20). ["Microsoft Windows 10 has a keylogger enabled by default – here's how to disable it"](https://www.privateinternetaccess.com/blog/2017/03/microsoft-windows-10-keylogger-enabled-default-heres-disable/).

1. **[^](#cite_ref-17)** ["Block Win Hooks | Sandboxie-Plus"](https://sandboxie-plus.com/sandboxie/blockwinhooks/).

1. **[^](#cite_ref-18)** ["The Evolution of Malicious IRC Bots"](https://web.archive.org/web/20060315074124/http://www.symantec.com/avcenter/reference/the.evolution.of.malicious.irc.bots.pdf) (PDF). [Symantec](/source/NortonLifeLock). 2005-11-26. pp. 23–24. Archived from [the original](http://www.symantec.com/avcenter/reference/the.evolution.of.malicious.irc.bots.pdf) (PDF) on March 15, 2006. Retrieved 2011-03-25.

1. **[^](#cite_ref-19)** Jonathan Brossard (2008-09-03). ["Bypassing pre-boot authentication passwords by instrumenting the BIOS keyboard buffer (practical low level attacks against x86 pre-boot authentication software)"](https://web.archive.org/web/20080913072014/http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf) (PDF). *iViz Security*. Archived from [the original](http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf) (PDF) on 2008-09-13. Retrieved 2008-09-23.

1. **[^](#cite_ref-20)** ["Web-Based Keylogger Used to Steal Credit Card Data from Popular Sites"](https://threatpost.com/web-based-keylogger-used-to-steal-credit-card-data-from-popular-sites/121141/). *Threatpost | The first stop for security news*. 2016-10-06. Retrieved 2017-01-24.

1. **[^](#cite_ref-21)** ["SpyEye Targets Opera, Google Chrome Users"](https://krebsonsecurity.com/2011/04/spyeye-targets-opera-google-chrome-users/). *Krebs on Security*. Retrieved 26 April 2011.

1. **[^](#cite_ref-22)** ["Securing Linux with Mandatory Access Controls"](https://www.geeksforgeeks.org/securing-linux-with-mandatory-access-controls/). *GeeksforGeeks*. 2024-08-16. Retrieved 2025-02-25.

1. **[^](#cite_ref-23)** K.P.H. Sullivan & E. Lindgren (Eds., 2006), Studies in Writing: Vol. 18. Computer Key-Stroke Logging and Writing: Methods and Applications. Oxford: Elsevier.

1. **[^](#cite_ref-24)** V. W. Berninger (Ed., 2012), Past, present, and future contributions of cognitive writing research to cognitive psychology. New York/Sussex: Taylor & Francis. [ISBN](/source/ISBN_(identifier)) [9781848729636](https://en.wikipedia.org/wiki/Special:BookSources/9781848729636)

1. **[^](#cite_ref-AAA_25-0)** Vincentas (11 July 2013). ["Keystroke Logging in SpyWareLoop.com"](https://web.archive.org/web/20131207133350/http://www.spywareloop.com/news/keystroke-logging). *Spyware Loop*. Archived from [the original](http://www.spywareloop.com/news/keystroke-logging) on 7 December 2013. Retrieved 27 July 2013.

1. **[^](#cite_ref-26)** ["TypeFlow - Scientific Keystroke Logging"](https://webs.um.es/aitor.garces/typeflow_web.html). *University of Murcia*. Retrieved 20 March 2026.

1. **[^](#cite_ref-27)** ["Tracing Non-linear L2 Writing: Keystroke-Logged Excursions with and without Dictionary Support"](https://nodos.org/ponencia/tracing-non-linear-l2-writing-keystroke-logged-excursions-with-and-without-dictionary-support/). *VI Congreso Internacional Nodos del Conocimiento*. Retrieved 20 March 2026.

1. **[^](#cite_ref-Ahmed2020_28-0)** Ahmed, A. A., & Traore, I. (2020). *A survey of keystroke dynamics for authentication and identification.* Computers & Security, 97, 101947. doi:10.1016/j.cose.2020.101947.

1. **[^](#cite_ref-29)** Microsoft. ["EM_GETLINE Message()"](http://msdn.microsoft.com/en-us/library/bb761584(VS.85).aspx). [Microsoft](/source/Microsoft). Retrieved 2009-07-15.

1. **[^](#cite_ref-30)** ["Apple keyboard hack"](https://web.archive.org/web/20090826150015/http://www.digitalsociety.org/2009/08/apple-keyboards-hacked-and-possessed). Digital Society. Archived from [the original](http://www.digitalsociety.org/2009/08/apple-keyboards-hacked-and-possessed/) on 26 August 2009. Retrieved 9 June 2011.

1. **[^](#cite_ref-31)** ["Keylogger Removal"](https://web.archive.org/web/20110429181147/http://spyreveal.com/keyloggerremoval). SpyReveal Anti Keylogger. Archived from [the original](http://spyreveal.com/keyloggerremoval) on 29 April 2011. Retrieved 25 April 2011.

1. **[^](#cite_ref-32)** ["Keylogger Removal"](https://www.bastille.net/technical-details). SpyReveal Anti Keylogger. Retrieved 26 February 2016.

1. **[^](#cite_ref-33)** Jeremy Kirk (2008-12-16). ["Tampered Credit Card Terminals"](http://www.pcworld.com/article/155525/.html?tk=rss_news). [IDG](/source/International_Data_Group) News Service. Retrieved 2009-04-19.

1. **[^](#cite_ref-34)** Andrew Kelly (2010-09-10). ["Cracking Passwords using Keyboard Acoustics and Language Modeling"](http://www.inf.ed.ac.uk/publications/thesis/online/IM100855.pdf) (PDF).

1. **[^](#cite_ref-35)** Sarah Young (14 September 2005). ["Researchers recover typed text using audio recording of keystrokes"](http://www.berkeley.edu/news/media/releases/2005/09/14_key.shtml). UC Berkeley NewsCenter.

1. **[^](#cite_ref-36)** Knight, Will. ["A Year Ago: Cypherpunks publish proof of Tempest"](https://www.zdnet.com/article/a-year-ago-cypherpunks-publish-proof-of-tempest/). *ZDNet*.

1. **[^](#cite_ref-37)** Martin Vuagnoux and Sylvain Pasini (2009-06-01). Vuagnoux, Martin; Pasini, Sylvain (eds.). ["Compromising Electromagnetic Emanations of Wired and Wireless Keyboards"](http://infoscience.epfl.ch/record/140523?ln=en). *Proceedings of the 18th Usenix Security Symposium*: 1–16.

1. **[^](#cite_ref-38)** ["ATM camera"](http://www.snopes.com/fraud/atm/atmcamera.asp). *www.snopes.com*. 19 January 2004. Retrieved 2009-04-19.

1. **[^](#cite_ref-39)** Maggi, Federico; Volpatto, Alberto; Gasparini, Simone; Boracchi, Giacomo; Zanero, Stefano (2011). ["A fast eavesdropping attack against touchscreens"](http://www.syssec-project.eu/m/page-media/3/iclearshot-ias11.pdf) (PDF). *2011 7th International Conference on Information Assurance and Security (IAS)*. 7th International Conference on Information Assurance and Security. IEEE. pp. 320–325. [doi](/source/Doi_(identifier)):[10.1109/ISIAS.2011.6122840](https://doi.org/10.1109%2FISIAS.2011.6122840). [ISBN](/source/ISBN_(identifier)) [978-1-4577-2155-7](https://en.wikipedia.org/wiki/Special:BookSources/978-1-4577-2155-7).

1. **[^](#cite_ref-40)** Marquardt, Philip; Verma, Arunabh; Carter, Henry; Traynor, Patrick (2011). *(sp)iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers*. Proceedings of the 18th ACM conference on Computer and communications security. ACM. pp. 561–562. [doi](/source/Doi_(identifier)):[10.1145/2046707.2046771](https://doi.org/10.1145%2F2046707.2046771).

1. **[^](#cite_ref-41)** ["iPhone Accelerometer Could Spy on Computer Keystrokes"](https://www.wired.com/2011/10/iphone-keylogger-spying/). *Wired*. 19 October 2011. Retrieved August 25, 2014.

1. **[^](#cite_ref-42)** Owusu, Emmanuel; Han, Jun; Das, Sauvik; Perrig, Adrian; Zhang, Joy (2012). *ACCessory: password inference using accelerometers on smartphones*. Proceedings of the Thirteenth Workshop on Mobile Computing Systems and Applications. ACM. [doi](/source/Doi_(identifier)):[10.1145/2162081.2162095](https://doi.org/10.1145%2F2162081.2162095).

1. **[^](#cite_ref-43)** Aviv, Adam J.; Sapp, Benjamin; Blaze, Matt; Smith, Jonathan M. (2012). "Practicality of accelerometer side channels on smartphones". *Proceedings of the 28th Annual Computer Security Applications Conference on - ACSAC '12*. Proceedings of the 28th Annual Computer Security Applications Conference. ACM. p. 41. [doi](/source/Doi_(identifier)):[10.1145/2420950.2420957](https://doi.org/10.1145%2F2420950.2420957). [ISBN](/source/ISBN_(identifier)) [9781450313124](https://en.wikipedia.org/wiki/Special:BookSources/9781450313124).

1. **[^](#cite_ref-44)** Cai, Liang; Chen, Hao (2011). [*TouchLogger: inferring keystrokes on touch screen from smartphone motion*](https://www.usenix.org/events/hotsec11/tech/final_files/Cai.pdf) (PDF). Proceedings of the 6th USENIX conference on Hot topics in security. USENIX. Retrieved 25 August 2014.

1. **[^](#cite_ref-45)** Xu, Zhi; Bai, Kun; Zhu, Sencun (2012). *TapLogger: inferring user inputs on smartphone touchscreens using on-board motion sensors*. Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks. ACM. pp. 113–124. [doi](/source/Doi_(identifier)):[10.1145/2185448.2185465](https://doi.org/10.1145%2F2185448.2185465).

1. **[^](#cite_ref-46)** Miluzzo, Emiliano; Varshavsky, Alexander; Balakrishnan, Suhrid; Choudhury, Romit Roy (2012). *Tapprints: your finger taps have fingerprints*. Proceedings of the 10th international conference on Mobile systems, applications, and services. ACM. pp. 323–336. [doi](/source/Doi_(identifier)):[10.1145/2307636.2307666](https://doi.org/10.1145%2F2307636.2307666).

1. **[^](#cite_ref-47)** Spreitzer, Raphael (2014). *PIN Skimming: Exploiting the Ambient-Light Sensor in Mobile Devices*. Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones & Mobile Devices. ACM. pp. 51–62. [arXiv](/source/ArXiv_(identifier)):[1405.3760](https://arxiv.org/abs/1405.3760). [doi](/source/Doi_(identifier)):[10.1145/2666620.2666622](https://doi.org/10.1145%2F2666620.2666622).

1. **[^](#cite_ref-48)** Hameiri, Paz (2019). ["Body Keylogging"](https://hakin9.org/product/hacking-with-raspberry-pi-4/). *Hakin9 IT Security Magazine*. **14** (7): 79–94.

1. **[^](#cite_ref-auto_49-0)** Young, Adam; Yung, Moti (1997). "Deniable password snatching: On the possibility of evasive electronic espionage". *Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097)*. pp. 224–235. [doi](/source/Doi_(identifier)):[10.1109/SECPRI.1997.601339](https://doi.org/10.1109%2FSECPRI.1997.601339). [ISBN](/source/ISBN_(identifier)) [978-0-8186-7828-8](https://en.wikipedia.org/wiki/Special:BookSources/978-0-8186-7828-8). [S2CID](/source/S2CID_(identifier)) [14768587](https://api.semanticscholar.org/CorpusID:14768587).

1. **[^](#cite_ref-50)** Young, Adam; Yung, Moti (1996). "Cryptovirology: Extortion-based security threats and countermeasures". *Proceedings 1996 IEEE Symposium on Security and Privacy*. pp. 129–140. [CiteSeerX](/source/CiteSeerX_(identifier)) [10.1.1.44.9122](https://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.44.9122). [doi](/source/Doi_(identifier)):[10.1109/SECPRI.1996.502676](https://doi.org/10.1109%2FSECPRI.1996.502676). [ISBN](/source/ISBN_(identifier)) [978-0-8186-7417-4](https://en.wikipedia.org/wiki/Special:BookSources/978-0-8186-7417-4). [S2CID](/source/S2CID_(identifier)) [12179472](https://api.semanticscholar.org/CorpusID:12179472).

1. **[^](#cite_ref-51)** John Leyden (2000-12-06). ["Mafia trial to test FBI spying tactics: Keystroke logging used to spy on mob suspect using PGP"](https://www.theregister.co.uk/2000/12/06/mafia_trial_to_test_fbi/). *The Register*. Retrieved 2009-04-19.

1. **[^](#cite_ref-52)** John Leyden (2002-08-16). ["Russians accuse FBI Agent of Hacking"](https://www.theregister.co.uk/2002/08/16/russians_accuse_fbi_agent/). *The Register*.

1. **[^](#cite_ref-53)** Alex Stim (2015-10-28). ["3 methods to disable Windows 10 built-in Spy Keylogger"](http://www.spyrix.com/3-methods-to-disable-windows-10-built-in-spy-keylogger.php).

1. **[^](#cite_ref-54)** ["What is Anti Keylogger?"](http://www.securitysupervisor.com/security-q-a/computer-security/218-what-is-anti-keylogger). 23 August 2018.

1. **[^](#cite_ref-55)** Creutzburg, Reiner (2017-01-29). ["The strange world of keyloggers - an overview, Part I"](https://www.ingentaconnect.com/content/ist/ei/2017/00002017/00000006/art00019). *Electronic Imaging*. **2017** (6): 139–148. [doi](/source/Doi_(identifier)):[10.2352/ISSN.2470-1173.2017.6.MOBMU-313](https://doi.org/10.2352%2FISSN.2470-1173.2017.6.MOBMU-313).

1. **[^](#cite_ref-56)** Goring, Stuart P.; Rabaiotti, Joseph R.; Jones, Antonia J. (2007-09-01). ["Anti-keylogging measures for secure Internet login: An example of the law of unintended consequences"](https://www.sciencedirect.com/science/article/pii/S0167404807000569). *Computers & Security*. **26** (6): 421–426. [doi](/source/Doi_(identifier)):[10.1016/j.cose.2007.05.003](https://doi.org/10.1016%2Fj.cose.2007.05.003). [ISSN](/source/ISSN_(identifier)) [0167-4048](https://search.worldcat.org/issn/0167-4048).

1. **[^](#cite_ref-57)** Austin Modine (2008-10-10). ["Organized crime tampers with European card swipe devices"](https://www.theregister.co.uk/2008/10/10/organized_crime_doctors_chip_and_pin_machines/). *The Register*. Retrieved 2009-04-18.

1. **[^](#cite_ref-58)** Scott Dunn (2009-09-10). ["Prevent keyloggers from grabbing your passwords"](http://windowssecrets.com/top-story/prevent-keyloggers-from-grabbing-your-passwords/). Windows Secrets. Retrieved 2014-05-10.

1. **[^](#cite_ref-59)** Christopher Ciabarra (2009-06-10). ["Anti Keylogger"](https://web.archive.org/web/20100626093658/http://networkintercept.com/keystrokeinterference.html). Networkintercept.com. Archived from [the original](http://networkintercept.com/keystrokeinterference.html) on 2010-06-26.

1. **[^](#cite_ref-60)** ["Mitigate some Exploits for Windows'™ User Account Control"](https://skanthak.hier-im-netz.de/uacamole.html). *skanthak.hier-im-netz.de*. Retrieved 2026-05-17.

1. **[^](#cite_ref-61)** EliotSeattle. ["Driver Signing With Digital Signatures - Windows drivers"](https://learn.microsoft.com/en-us/windows-hardware/drivers/install/driver-signing). *learn.microsoft.com*. Retrieved 2026-05-17.

1. **[^](#cite_ref-62)** Cormac Herley and Dinei Florencio (2006-02-06). ["How To Login From an Internet Cafe Without Worrying About Keyloggers"](http://cups.cs.cmu.edu/soups/2006/posters/herley-poster_abstract.pdf) (PDF). [Microsoft Research](/source/Microsoft_Research). Retrieved 2008-09-23.

## External links

Media related to [Keystroke logging](https://commons.wikimedia.org/wiki/Category:Keystroke_logging) at Wikimedia Commons

v t e Information security Threats Adware Advanced persistent threat Arbitrary code execution Backdoors Bombs Fork Logic Time Zip Hardware backdoors Code injection Crimeware Cross-site scripting Cross-site leaks DOM clobbering History sniffing Cryptojacking Botnets Data breach Drive-by download Browser Helper Objects Viruses Data scraping Denial-of-service attack Eavesdropping Email fraud Email spoofing Exploits Fraudulent dialers Hacktivism Infostealer Insecure direct object reference Keystroke loggers Malware Payload Phishing Voice Polymorphic engine Privilege escalation Ransomware Rootkits Scareware Shellcode Spamming Social engineering Spyware Software bugs Trojan horses Hardware Trojans Remote access trojans Vulnerability Web shells Wiper Worms SQL injection Rogue security software Zombie vectorial version Defenses Application security Secure coding Secure by default Secure by design Misuse case Computer access control Authentication Multi-factor authentication Authorization Computer security software Antivirus software Security-focused operating system Data-centric security Software obfuscation Data masking Encryption Firewall Intrusion detection system Host-based intrusion detection system (HIDS) Anomaly detection Information security management Information risk management Security information and event management (SIEM) Runtime application self-protection Site isolation Related security topics Computer security Automotive security Cybercrime Cybersex trafficking Computer fraud Cybergeddon Cyberterrorism Cyberwarfare Electronic warfare Information warfare Internet security Mobile security Network security Copy protection Digital rights management

v t e Malware topics Infectious malware Computer virus Computer worm List of computer worms Timeline of computer viruses and worms Concealment Backdoor Clickjacking Man-in-the-browser Man-in-the-middle Rootkit Trojan horse Zombie computer Malware for profit Adware Botnet Crimeware Fleeceware Form grabbing Fraudulent dialer Infostealer Keystroke logging Malbot Pay-per-install Privacy-invasive software Ransomware Rogue security software Scareware Spyware Web threats By operating system Android malware Classic Mac OS viruses iOS malware Linux malware MacOS malware Macro virus Mobile malware Palm OS viruses HyperCard viruses Protection Anti-keylogger Antivirus software Browser security Data loss prevention software Defensive computing Firewall Internet security Intrusion detection system Mobile security Network security Countermeasures Computer and network surveillance Honeypot Operation: Bot Roast

---
Adapted from the Wikipedia article [Keystroke logging](https://en.wikipedia.org/wiki/Keystroke_logging) by Wikipedia contributors ([contributor history](https://en.wikipedia.org/wiki/Keystroke_logging?action=history)). Available under [Creative Commons Attribution-ShareAlike 4.0 International](https://creativecommons.org/licenses/by-sa/4.0/). Changes may have been made.