I just read an interesting article about password security.
Among other things, it discusses "keylogging software, which is deposited on a PC by a virus, records all keystrokes — including the strongest passwords you can concoct — and then sends it surreptitiously to a remote location."
My question: can keylogging software recognize mouse actions?
For example, suppose your password was 12345 (yes, I’m aware this is a stupid password). What if you typed in ABCDE, then used the mouse to highlight the letters randomly and replace them with the appropriate number? Could the keylogger recognize this or would it appear as, say ABCDE43215 (assuming you highlighted the D and typed a 4, then highlighted the C and typed a 3 and so on)?
I tried it on one of my email accounts and the email program was happy with the password once I got done fiddling with it, but would that fool the keylogger?
hmmm, or even a cut & paste from a text file?
:coffee:
I use RoboForm for every name and password.
the short answer is YES
I have written code to do all that and the long answer is absolutely. I can, and have, write code to trap any inbound inputs to the machine.
Back in the late 80s a co-worker came to me one day. There had been some higher level meetings wherein he was involved. He very cautiously asked me that if I was given a small amount of exe code, could I disassemble it tell them what it was doing. He didn't tell me why or anything and I told him I could do so.
I was then given said code on diskette and tasked to have it and drop all other things I was doing. I thought it all kind of odd but love a good challenge.
I disassembled the thing to regular assembly language (best you could do at the time). It took me all but about an hour to determine the code was an ISR (interrupt service routine) loaded at a computer's boot up sequence. Then it just sat there watching keystrokes - specifically for F:LOGIN which was our Novell Netware primary login. Once it saw F:LOGIN it recorded all keystrokes - watching for the network's admin password was the intent.
I told my bud, Matt, what I had discovered during a smoke break. The smoke break ended abrubtly and I found myself in a closed door meeting about my discoveries. While that was going on another co-worker was taking his stuff out to his car having been fired already. Being clueless about all this I piped up with "what the f..k is going on anyway?". They finally spilled the beans to me that he had installed this little password logger on the admin's machine and had unlocked all the secure areas on the company's server - accounting records, HR records - everything. Come to find out our friend had gotten this little bugger from some bulletin board one weekend.
Also come to find out that during that earlier high level meeting the question was asked "who here is capable of writing such a piece of code". I was the only one mentioned making me the primary suspect of course. Matt had stood up for me saying "he would never do anything like that and you can fire us both if I'm wrong". Finding out all this kind of took me aback - giant time.
Another smoke insued and we talked about it all. I was at first terribly offended to have been considered I would do such a thing - as Matt stood up for me on. Then after being calmed down I was kind of honored being thought of as the only person in the company with the programming saavy to write such a nafarious animal. He also apologized for being so evasive about having me disassemble the thing and tell what it was doing. Apparently they feared that if I had been the one to write the thing that I would lie about what it did. I was asked/told to never discuss the matter with anyone.
Anyway... trapping mouse activity is just as easy. Next time you have one of your CAD programs up and you are moving your mouse, how do you think coordinate numbers change as fast as the mouse moves? They are trapping mouse-move events. It's easy.
Well, there is the long answer.
YES and NO
Capturing the mouse movements would be easy. Interpreting them would be much harder than capturing them or keystrokes. The interpretation of "move up yy pixels and right xx pixels and click" depends on the program that is displayed and what it has at that screen location. A simple logger at the mouse input would have no way of knowing that.
There may be ways to catch the information elsewhere in the chain, but I doubt anybody is doing it at the mouse level.
YES and NO
The answer still stands at yes.
Capturing the lowest level mouse or keyboard events is a non-trivial task.
Today's operating systems make it more difficult. But back in the day, if you wanted a program to be responsive to a mouse or other hardware input, you had to write your own device driver. It is not for the light-hearted programmer to be sure.
