Mobile Keylogging: Attack Vectors & Prevention
The following brief focuses on three topics related to keylogging on mobile devices: User Authentication, Best Practices for Mobile Devices, and Keystroke Encryption.
Authentication is the process of identifying a user when logging into a website, network, or cloud service. It verifies that you are who you say you are when you log in. Having the correct user name and password is not enough, because they can be stolen.
Mobile devices can be effective tools for user authentication, provided that best practices are followed.
Best Practices for Mobile Devices
Best practices can reduce vulnerabilities by various means, including password protection and enabling auto-lock on the device. A remote wipe feature can be enabled, if available for the particular model. Operating system and application updates and patches should be installed. Lost, stolen, or misplaced mobile devices need to be reported to the police immediately. Wireless interfaces such as Bluetooth and Wi-Fi should be disabled when not in use to prevent unauthorized wireless access.
More best practices are listed in the FAQs section of the Kadix Keylogging Ontology.
However, best practices are not enough if the mobile device is used to input and output confidential information. The absence of keystroke encryption, even on devices with strong file encryption and browsers that are otherwise secure, makes the typical mobile device vulnerable to keylogging.
Keystroke Encryption prevents keylogging by encrypting keystrokes upon entry, before they are processed by an application or browser. The encryption ensures that keylogging malware records only random characters that are of no practical use.
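A small model of the idea above, as an added example that is not from the original brief or from any vendor's product: each keystroke is encrypted at entry and decrypted only inside the receiving application, so anything recording the path in between captures ciphertext. The class and function names, the per-session key shared by both ends, and the HMAC-SHA256 keystream are assumptions for illustration, and the model assumes the key is held where software on the input path cannot read it.

```python
import hashlib
import hmac

class KeystrokeChannel:
    """One end of the encrypted keystroke path (hypothetical design).

    HMAC-SHA256 over a counter serves as a keystream generator so the example
    runs on the standard library alone; it gives no integrity protection, and
    a real implementation would use a vetted authenticated cipher.
    """

    def __init__(self, session_key: bytes):
        self.session_key = session_key
        self.counter = 0  # advances once per keystroke, in step on both ends

    def _pad(self) -> int:
        msg = self.counter.to_bytes(8, "big")
        self.counter += 1
        return hmac.new(self.session_key, msg, hashlib.sha256).digest()[0]

    def encrypt(self, byte: int) -> int:
        return byte ^ self._pad()

    def decrypt(self, byte: int) -> int:
        return byte ^ self._pad()


def simulate(typed: str, entry_key: bytes, app_key: bytes):
    """Return (bytes visible between entry and app, text the app recovers)."""
    entry = KeystrokeChannel(entry_key)  # runs at keystroke entry
    app = KeystrokeChannel(app_key)      # runs inside the receiving application
    observed = bytearray()               # all that a logger on the path can record
    recovered = bytearray()
    for b in typed.encode("utf-8"):
        c = entry.encrypt(b)
        observed.append(c)
        recovered.append(app.decrypt(c))
    return bytes(observed), recovered.decode("utf-8", errors="replace")


if __name__ == "__main__":
    key = bytes(range(32))               # constructed sample key
    seen, text = simulate("hunter2-example", key, key)
    print("on the path:", seen.hex())
    print("in the app: ", text)
```

Passing a different `app_key` than `entry_key` shows the other half of the property: without the session key, the recorded bytes do not decode to the typed text.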