Neutralizing Keyloggers, an intimate story between the keyboard and the system
How to enter information into a computer system while guaranteeing its security? Password, secret code, confidential document, important mail or just your last research online. Sensitive information is everywhere in the system and usually driven through the keyboard. This explains the popularity of keyloggers among malware authors… Easy to write, countless examples online, stealthy, efficient and hard to detect, keyloggers are cheap and reliable malicious tools.
This talk does not attempt to propose an additional method for detecting these threats. There are already so many of them and the threat still persists. But in this talk, we aim to share a “keyboard journey” in Windows world, presenting internals and some undocumented mechanisms from Windows kernel in order to track step by step keystrokes’ content. From electronics in the keyboard to the printed character on the screen through the kernel… In addition, we present an exhaustive technical survey of the keylogger threat to better understand it. In the end, we will have a great view on the flow of keystrokes data through the system.
Security management is not just about detecting a given malicious threat, but about protecting the integrity of the data handled within a system. We bring visibility into data flows and not just loss prevention and system reliability. We like to present a security approach that uses system knowledge to protect data.
- History of keyboard and keylogger technology
- Why is the keyboard relevant from a security point of view?
Windows internals applied to keyboard
- Keyboard from electronic point of view
- Keyboard from kernel point of view
- Keyboard from application point of view
- Hardware keyloggers
- Active vs Passive threat
- Software keyloggers
- UEFI, Hypervisor, Kernel, User-Land
How to prevent such a threat?
- Existing approaches & limitations
- Original approach to enhance security