Skip to main content
Dashlane Logo

What the Hack Is Keylogging?

  |  Dashlane
Camera focusing on keyboard

Imagine your keyboard gossiping behind your back, spilling your deepest, darkest, and most embarrassing secrets to the world. Would you throw your brand-new MacBook into the nearest toilet? Even a privacy cynic—the type of person who says after every data breach “It’s only a matter of time before the president knows my BMI…and you know what? I don’t care!”—has got to admit (at the very least!) that the idea of a keyboard silently transmitting their every stroke is rude.

“Keylogging” is actually one of the oldest forms of cyber warfare. During the Cold War, Russian spies implanted devices in the CIA’s typewriters that recorded every movement of their mechanical arms, transmitting—in real time!—the exact characters being imprinted on documents. Today, jealous spouses, overbearing bosses, and despotic regimes do the same, using only slightly more advanced methods.

Like bed bugs, keyloggers are hearty and can live practically anywhere. They can feast on the scripts of a webpage itself, burrow their way into your computer’s memory, or even pose as a program for your keyboard. Physical keyloggers, or dongles, can intercept data shared between your keyboard and the USB port in your computer, beaming via WiFi the fact that you’ve just WikiHow-ed “how to manage a difficult boss,” directly to your difficult boss. If you’ve run afoul with the CIA or NSA, a super-sophisticated keylogger could even be deployed to sniff out an unencrypted connection between your wireless keyboard and PC, snatching up your keystrokes in the process.

Patrick Wardle, Principal Security Researcher at Jamf, calls keylogging “one of the most powerful capabilities a piece of malware can have,” but cautions those nervous they might have one installed on their device not to assume the worst case scenario. “For the average user, I would say that the risk is not incredibly high.” Okay, thank you, but I’m still freaked out.

key log·ging

noun /kē ˈlôg-iŋ\

the action of logging keystrokes, typically covertly, so that the user is not aware their actions are being monitored

Thankfully, even if you’re not important enough to keyboard jack, there are ways to protect yourself. For one, he says, you should always double check that you’re running the latest version of your operating system. (Hackers have a harder time cracking newer code.) It also doesn’t hurt to install anti-spyware software and use a password manager. If you’re using a shared computer, look out for suspicious dongles. Suspicious dongles! (If you find them at work, ask to read your company’s privacy policy, and if your bosses are tracking your every key press, it might be time to find new employment, maybe? That’s on you.)

There’s also some Tin Hattery you shouldn’t pay attention to online, he says, like the folks who claim they’re able to spot keyloggers by measuring how quickly their keyboard registers keystrokes. “I get a lot of emails from people who are convinced they’ve been hacked and the only evidence they provide is that their mouse moves when they didn’t move it,” explains Wardle. But you shouldn’t automatically jump to the conclusion that the NSA is reading your email-to-self list of “to make” lasagna recipes. Unless a teen built the keylogger last night in their basement, chances are if it exists it's sophisticated enough to evade your noticing. “I would say 95% of keyloggers are going to have no discernible impact on your operating system,” he says.

Like bed bugs, keyloggers are hearty and can live practically anywhere. They can feast on the scripts of a webpage itself, burrow their way into your computer’s memory, or even pose as a program for your keyboard.

That said, the keylogging industry is thriving…because people are rude! And I’m not only talking about stalkers and criminals but corporations, too. In 2015, Microsoft began shipping Windows 10 with a keylogger (which users could disable, though who thinks to do that?). They’ve also been discovered in school libraries, banks, and HP laptops. In 2017, a German developer discovered his former employer had collected his typed information without his consent, leading a court to deem keylogging against the law. In the U.S. there is no federal law that prevents an employer from invasively spying on its employees. So perhaps be extra wary when adding that private friends-only Slack room to your work computer.

Unfortunately, the keylogging industry is robust these days precisely because there’s still a (messed up!) market for such “stalkerware.” In the journey of this article’s research, I stupidly YouTubed “keylogger videos” and the results made me honestly concerned about the state of humankind. There was a video advertising how to bug a keyboard, while another showed how to spy on someone’s cell phone. Both videos claimed they were for “educational and for entertainment purposes only,” though the hosts weren’t entertaining, and I doubt anyone would watch just for the sake of education. Yikes.

I mean, think about it. Your keys, once dutifully and discreetly logging your letters like obedient little soldiers, turning against you? That’s enough to inspire anyone to improve their penmanship.

Looking for more info?

Visit our online safety hub for the latest breach report and a complete guide to staying secure on the internet.

Sign up to receive news and updates about Dashlane