I see a lot of ads these days for fancy mechanical keyboards from numerous brands, but the thing I always wonder about is: how do we know these keyboards don't have keyloggers or other spying tech built into them?
Well, you don’t. But let’s think about it. The microcontroller in it could easily log your keys. But logging data without retrieving it is rather useless. Either the keyboard itself has hardware to send out the data or it sends the data via your computer. The first one is absurd; what is that supposed to be, a satellite connection? The second one is not any different from having any old keylogger installed on your computer. The keyboard does the first step of collecting the keystrokes, but every keyboard does that. The program does the second step of sending the data out over the internet, but every keylogger does that. So could the software bundled with it be a keylogger? Sure, but probably not. Making a whole company and production line with a product just to distribute a keylogger is quite overkill and risky when found out. With this line of thinking, any software you install could be a keylogger, which it can be but is probably not the case. In short, there is nothing special about a keyboard that makes it more likely to be a keylogger than any other device or software. If you are somehow paranoid about this, you can build your own keyboard and flash your own firmware to its microcontroller. I did that, but not for the reason of keyloggers; I just wanted to design and build my own keyboard.
This is the correct answer, if that’s something that concerns a person. This would virtually guarantee privacy, and it’s not unlike the impetus behind open source hardware/software.
But like you said, there’s no reason a company would go through the trouble of production, unless they thought that they would get a payout from it before getting caught (and that’s a big gamble for operating out in the open like that).
Also, I would imagine many computers could or would detect many instances of illicit keyloggers trying to send out data without permission.
Map usage times for a week.
In the middle of a non-usage time, type the string of characters that are first typed at the start of usage time.
Then open a browser using keyboard shortcuts (does Win+R open a browser in Windows if you type a URL in?), type a URL, type in all learned username/password combos, close the browser using keyboard shortcuts.
Yeah. That could work.
I think it would get detected by many modern antivirus solutions, but it could work.
That’s a good point. This kind of scripted data exfiltration triggers alerts in modern antivirus.