How to Defend from Keyloggers in Firefox with Keystroke Encryption
Null Byte is looking for moderators.
More threats to computers exist every day. Not only do we have computer viruses and malware, but we have rootkits and other nasty pieces of code that can log your keyboard strokes or even add your computer to a botnet to attack other websites. Your computer can be infected even if you have anti-virus software installed. I can't stress enough how easy it is for a hacker to write a piece of code that gets around every piece of anti-virus software.
Keystroke logging is the act of intercepting typed keys before they are displayed to the screen, then logging them to a file. This allows for intrusion and access to data—even passwords.
Normally, when a key is pressed and entered into a computer, the keystroke goes from the keyboard to the OS kernel. From there, it goes back out and prints to the screen. To intercept this, a keylogger must inject itself between the keyboard and the kernel. Since keyloggers go before the application, your passwords are never obfuscated or encrypted, which leaves them viewable in plain text in the keylogger's log files.
In this Null Byte, I'm going to teach you how to encrypt your keystrokes for free in the most sensitive of places—your web browser. There are solutions to encrypt every keystroke within Windows OS, however, they all come with a price tag.
Step 1 Install the Addon
- Download the Firefox addon, KeyScrambler.
- Follow along with the video guide below for the basic installation.
Step 2 Setting It Up
After the installation, you may require a reboot. As you can see in the video, there are a few select settings that I had changed (you may wish to do the same). For now, as stated, this version only gives users encrypted keystroke protection in Firefox (or IE, but who uses that?). In order to obtain full OS protection, you need to purchase the full version. Currently, there isn't a free or open source keystroke encryption program available.
I recommend that you change one setting in particular. It's an animated popup notification, and no offense to the developers, but it is terrible and lags on my system, so I'm pretty sure it's worth disabling. The popups are annoying anyways, they just tell you when your keystrokes are being protected.
- Open Firefox.
- Go into the addon preferences and select KeyScrambler.
- Disable animated popups.
I am currently planning to code an open source key encryption software for Linux. Currently, none are available. Feel free to contact me if you would like to code it with me.
Follow and Chat with Null Byte!