
Using an on screen keyboard instead of a real keyboard might stop some logging, but there's no guarantee that other techniques aren't also being used.

Will using the on screen keyboard in Vista stop keyboard loggers/hackers?

The short answer is very simple: no.

It might stop some, but it's certainly nothing that you can count on.

Let's look at the path of keystrokes from your finger to your computer and see all the various places that your keystrokes can be intercepted and logged.

When you press a key, a small microcontroller inside the keyboard turns that press into a scan code and sends it up the cable connecting your keyboard to your computer.

And there we reach the very first point of vulnerability. Not the microcontroller in the keyboard (possible, I suppose, but exceptionally unlikely), but the cable, or rather what the cable plugs into. Public computers are particularly lucrative targets: someone comes along and installs a small physical device between the keyboard plug and the computer's port, a device that logs every keystroke entered. Some time later they come back, remove the device and take with it everything that users of that computer typed in the meantime. On a machine you don't control, looking at where the keyboard cable actually connects before you type anything sensitive is about the only check you have.

As it turns out, wireless keyboards are worse. A wireless keyboard broadcasts every keystroke you type, and any receiver within range can "listen in" and record them. Unfortunately "in range" also turns out to be much further than most people think, particularly for a thief with equipment built and tuned for the purpose. The keystrokes are supposedly encrypted, but the encryption on many consumer wireless keyboards has proven weak enough to be broken with modest effort.

The good news is that the on-screen keyboard really does protect you against these two hardware-level threats. If the secret never passes through the physical keyboard or its radio, nothing attached to that keyboard or listening to it can capture it. The caveat is that this holds only for what you enter through the on-screen keyboard; anything you type on the real keyboard in the same session is just as exposed as before.


The bad news is that hardware-based keyloggers are the rare case. Software-based loggers are far more common.

Once your keystrokes arrive at the computer, they are handled by the keyboard driver stack, which (to oversimplify) translates the scan codes that came over the wire into the virtual-key codes and characters that Windows applications expect. Software keystroke loggers insert themselves somewhere along that path: either below it, as a filter driver in the kernel's keyboard stack, or, more commonly, above it, as a user-mode hook (on Windows, a low-level keyboard hook installed with SetWindowsHookEx) that is handed every keystroke on its way to whichever application has the focus.

This is where the on screen keyboard scenario gets interesting.

[Image: Windows Vista on-screen keyboard]

The on-screen keyboard application is a "virtual" keyboard. There is no hardware behind it: it synthesizes keystrokes and injects them through the same input API any program can call (on Windows, SendInput), and from that point on they travel the same route as keystrokes from a real keyboard. A logger hooked in at the user-mode level therefore receives them along with everything else. Windows marks such keystrokes as injected (the LLKHF_INJECTED flag seen by a low-level hook), but a logger is free to ignore that flag. Only a logger sitting below that point, in the kernel keyboard stack, would miss the virtual keystrokes.

But it gets worse. Much worse, actually.

Let's assume that the keystroke logger is not able to capture the keystrokes from the virtual on-screen keyboard.

A keystroke logger can capture a lot more than just keystrokes, so perhaps it'll capture something else instead.

You use the virtual keyboard by pointing and clicking with your mouse on the image of a key. A keystroke logger can then capture, on every mouse click:

  • the location of the mouse on the screen

  • a screen shot image of the screen, or just the area "around" the mouse pointer

The logger has now captured a series of images showing exactly where you clicked, and in what order. In other words, it has captured your virtual keystrokes.

Note that this approach to key logging also bypasses one of the more common so-called security techniques: randomizing the keyboard layout on the screen. You still have to be able to see where to click, so the logger simply records what you saw and where you clicked. The layout doesn't need to be known in advance; it is right there in the screenshot.
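To make the last two paragraphs concrete, here is a small simulation I added for this page; it is not code from the article or from any real keylogger. The keypad, its random layout, the "screenshot" (a character grid standing in for the framebuffer), the victim's clicks and the logger's records are all constructed inside the script. The logger stores only a cursor position and a tiny patch of the screen per click; the attacker recovers the PIN from those records alone, and the random layout, regenerated for every session, makes no difference. All function and constant names are my own.

```python
# Added example (not from the article): a randomized on-screen keypad, a
# click-and-screenshot logger, and an attacker recovering the PIN offline.
import random

KEYS = "0123456789"
ROWS, COLS = 2, 5            # the keypad is a 2 x 5 grid of keys
KEY_W, KEY_H = 5, 3          # each key is 5 x 3 "pixels" (characters)
SCREEN_W, SCREEN_H = COLS * KEY_W, ROWS * KEY_H
CROP = 1                     # logger grabs a (2*CROP+1)^2 patch around the cursor


def random_layout(rng):
    """Assign the ten labels to grid cells in random order, which is what a
    "secure" randomized keypad does on every login.
    Returns {label: (x0, y0, x1, y1)} with half-open pixel ranges."""
    labels = list(KEYS)
    rng.shuffle(labels)
    layout = {}
    for idx, label in enumerate(labels):
        row, col = divmod(idx, COLS)
        layout[label] = (col * KEY_W, row * KEY_H,
                         (col + 1) * KEY_W, (row + 1) * KEY_H)
    return layout


def render(layout):
    """Draw the keypad into a character grid (our stand-in for the screen).
    Each key is a '#' border with its label filling the key face."""
    screen = [["#"] * SCREEN_W for _ in range(SCREEN_H)]
    for label, (x0, y0, x1, y1) in layout.items():
        for y in range(y0 + 1, y1 - 1):
            for x in range(x0 + 1, x1 - 1):
                screen[y][x] = label
    return ["".join(row) for row in screen]


def victim_clicks(layout, pin, rng):
    """The victim enters `pin` by clicking somewhere on each key's face."""
    clicks = []
    for ch in pin:
        x0, y0, x1, y1 = layout[ch]
        clicks.append((rng.randrange(x0 + 1, x1 - 1), rng.randrange(y0 + 1, y1 - 1)))
    return clicks


def logger_capture(screen, clicks):
    """What the malware records per click: cursor position plus a tiny
    screenshot around it. It never sees the layout table or the PIN."""
    records = []
    for x, y in clicks:
        patch = []
        for py in range(y - CROP, y + CROP + 1):
            line = ""
            for px in range(x - CROP, x + CROP + 1):
                inside = 0 <= py < SCREEN_H and 0 <= px < SCREEN_W
                line += screen[py][px] if inside else " "
            patch.append(line)
        records.append(((x, y), patch))
    return records


def attacker_reconstruct(records):
    """Offline, read the key label nearest the cursor in each patch (a
    trivial 'OCR' on our character screen) and concatenate. No knowledge
    of the layout is needed: the layout is in the pixels."""
    pin = ""
    for _, patch in records:
        best = None
        for dy, line in enumerate(patch):
            for dx, glyph in enumerate(line):
                if glyph in KEYS:
                    dist = abs(dx - CROP) + abs(dy - CROP)
                    if best is None or dist < best[0]:
                        best = (dist, glyph)
        pin += best[1] if best else "?"
    return pin


def run_session(pin, seed):
    """One login: fresh random layout, victim clicks, logger records, attacker
    recovers. Returns (layout in reading order, recovered PIN)."""
    rng = random.Random(seed)
    layout = random_layout(rng)
    screen = render(layout)
    records = logger_capture(screen, victim_clicks(layout, pin, rng))
    order = "".join(sorted(layout, key=lambda k: (layout[k][1], layout[k][0])))
    return order, attacker_reconstruct(records)


if __name__ == "__main__":
    for seed in (1, 2, 3):
        order, recovered = run_session("2718", seed)
        print(f"layout {order}  recovered {recovered}")
```

Run it and each session prints a different key order but the same recovered PIN. A real logger does the same thing with actual screenshots and either OCR or a human looking at the captured images; the only thing randomization changes is that the attacker has to look at the picture instead of a lookup table.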

How big a threat is this?

It depends on whom you ask. In my opinion "normal" keystroke loggers, those that record only keystrokes, are a fairly common threat, and they are one reason that anti-malware protection and basic internet safety common sense are so important. So yes, they're out there.

The real question is how pervasive are these more sophisticated screen capturing keyloggers? It's hard to say, but we do know that malware creators have continued to escalate their attacks, both in technique and in scope. It wouldn't surprise me to see these types of malware increase in frequency.

And I, personally, wouldn't rely on a virtual keyboard of any sort as a security measure.

Article C3617 - January 10, 2009

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.


Comments (7)

I guess it is the responsibility of websites to establish a security layer. They should ask for partial passwords and not the full password. For example, a user has an 8-character password. The website should display fewer than 8 boxes and ask the user to, say, enter the 1st, 4th, 6th and 7th characters of the password. Every time the user tries a login, these positions should be randomized so that each time the website asks for different characters of the same user's password.
This can reduce password thefts to a significant extent, but not 100%.

Posted by: greater good at January 17, 2009 7:29 AM

There is an interesting comparison of approaches at http://kyps.net/home/comparison. What do you think?

Posted by: Tom Hoffman at May 27, 2009 8:15 AM

On-screen keyboard doesn't defeat keyloggers. I use a keylogger on my own computer so I can tell when people have been using it while I'm gone. It records everything the on-screen keyboard does.

Posted by: David at February 4, 2010 8:04 AM

I am by no means an expert in these matters; however, I have to agree that KeyScrambler is an effective tool against keyloggers. I added the plugin to Firefox and downloaded trial versions of 2 commercial keyloggers that work invisibly at the kernel level.

When I input data into any website, the keyloggers recorded either nothing or gibberish.

Perhaps you don't want the keyloggers named on your site, but I would be happy to provide the names on request.

Posted by: Graham at February 14, 2010 11:07 AM

One method that DOES defeat keyloggers (correct me if I'm wrong) is moving the cursor mid-password by clicking it in a different location or even outside the password field.

For instance, if your password is "12534," first type "1234," click the mouse after the second character, and type in "5." The keylogger will record "12345" but the browser will send your correct password to the server. To further thwart the attacker, after typing "5" click the mouse anywhere outside the field and type "67"; then, click the mouse in the password field again and hit Enter. The keylogger will record "1234567," which is nowhere near the real "12534" password.

It should go without saying but, for this to work, you HAVE to use the mouse and not the arrow keys on the keyboard!

Leo's reply (05-Nov-2010): This will not defeat keyloggers. Keyloggers often log much more than keystrokes, and include mouse movements, clicks and even screen shots.

Posted by: Michael Steiner at November 4, 2010 3:39 PM