Site Options:


Mobile Keylogging:  Attack Vectors & Prevention

The Kadix KEYLOGGING ONTOLOGY documents the problem of keylogging malware in mobile devices, and concludes with generic and specific Solutions[1] .

Security Brief

The following brief focuses on three topics related to keylogging in mobile devices:  User Authentication, Best Practices for Mobile Devices, and Keystroke Encryption.

User Authentication
Authentication is the process of identifying a user when logging into a website, network, or cloud service. It verifies that you are who you say you are, when you login. Having the correct user name and password is not enough. They can be stolen.

Mobile devices can be effective tools for user authentication, provided that best practices are followed.

Best Practices for Mobile Devices
Best practices can reduce vulnerabilities by various means, including password protection and enablement of auto-lock of the device. A remote wipe feature can be enabled, if available for the particular model. Operating system and application updates and patches should be installed. Lost, stolen, or misplaced mobile devices need to be reported to the police immediately. Wireless access, including Bluetooth or Wi-Fi, etc., should be disabled when not in use to prevent unauthorized wireless access.

More best practices are listed in the FAQs section of the Kadix Keylogging Ontology

However best practices are not enough if the mobile device is used to input and output confidential information. The absence of keystroke encryption, even on devices with strong file encryption and browsers that are otherwise secure, makes the typical mobile device vulnerable to keylogging.

Keystroke Encryption
Keystroke Encryption prevents keylogging by encrypting keystrokes upon entry, before they are processed by an application or browser. The encryption ensures that keylogging malware records only random characters that are of no practical use.

Related Information:
Keylogging Ontology
Problem & Solution
MobileTrust: FAQs