Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Sometimes the Threat Is in the Hardware

Our computer’s hardware – the circuits, chips, disks, memory, cables, and connectors – are all things we rarely think about when it comes to considering our privacy.

We would be wise to.

While not as easily compromised, since it requires some form of physical access, hackers know we take our hardware for granted, and when it comes to gaining intrusive access to our information, hardware represents a way in.

Become a Patron of Ask Leo! and go ad-free!

Hardware Keyloggers

A keylogger is typically a form of malware that resides on your computer, intercepting and recording all your keystrokes and sending them off to some malicious third party. Type in your username and password, and the keylogger intercepts and records it.

Keyloggers can also be present in hardware. A device inserted between your keyboard and computer can do exactly the same thing: record all keystrokes for transmission or later collection by that same malicious party.

Hardware keyloggers are less common because they require physical access to the machine on which they’re installed. Once installed, however, they’re nearly impossible for the average computer user to detect. It doesn’t matter what anti-malware tools are running, what operating system is installed, clean-installed, or booted from, the keylogger remains in place, recording your data.

There are two simple guidelines:

  • Never use a public computer for anything in any way sensitive. Hardware keyloggers are most commonly found on public computers.
  • Remember, “If it’s not physically secure, it’s not secure”. If your computer is in a public or highly trafficked place, it’s possible someone could add a hardware keylogger when you’re not around.

Most people needn’t worry about hardware keyloggers. As I said, they’re rare, mostly because installation requires physical access to the machine.

But they definitely exist.

Public Charging

Charging StationThis is a relatively new, and to me, fascinating form of compromise.

You’re on a trip, and your mobile phone’s battery is running low, so you find a convenient charging station where you can plug in and top off the battery before you board your aircraft.

Unfortunately, that connection might provide more than power. The connection can actually include malicious hardware surreptitiously placed there by a hacker that could leverage the data connection on your USB connection to examine the contents of your phone or even place malware on it.

It’s not common, but it can happen.

Fortunately, the solutions are simple.

  • Never use a public USB connection for anything. You simply don’t know what you’re connecting to.
  • Bring and use your wall-charger instead. Assuming you can find a wall outlet, this is a safe way to recharge your device.
  • If you must, get and use a “data blocker”, a device through which you make your USB connection, which in turns blocks any data connection attempts.

Always be careful what you connect your device to, be it your mobile phone, tablet, or laptop.

Other types of hardware compromise

These are significantly less common, but I want you to be aware of them.

BIOS infection

Technically, this is a software update, but it’s to your hardware: the BIOS in your computer. It’s nearly unnoticeable, and most anti-virus programs can’t detect it. You can reformat your machine completely, and the malware will still be there. The only solution, when this happens, is to re-flash your computer’s BIOS.

If you think your BIOS has been infected, it probably has not. Once folks hear about this possibility, they’re quick to jump to it as a conclusion when malware reappears after a clean rebuild of their machine. What happens much more frequently is simply that you reinstalled the same malicious software you had before.1

Cash Machine Skimmers

While not directly related to the technology you own, this relates to technology you use.

There are malicious devices that can be added to cash machines and credit card machines that read (or “skim”) the information off the card you insert or swipe. When coupled with cameras that record the PIN you type to access your money, the thieves then have enough information to clone your card and access it themselves.

Security researcher Brian Krebs has apparently gotten into the habit of tugging on the card insertion point to make sure it’s not one of these fake devices.

My advice? Tug if you like, but instead, only use your cards in devices in very public places, devices you’re personally already familiar with, and at retailers with which you already have a relationship of trust.

Or stop by the bank in person; I’m sure they’d love to see you.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

Podcast audio


Footnotes & references

1: Seriously. I’ve yet to see this actually happen to anyone who’s come to me claiming it has.

9 comments on “Sometimes the Threat Is in the Hardware”

  1. I am a missionary living in Mexico for the past twenty years. Fifteen years ago I entered a Costco to use the ATM machine, which was our only way of getting funds. Attached to the small kiosk bank inside the Costco was an ATM. Behind the machine was an extended room attached to the bank kiosk. After using the machine, which we had for over a year with no problems, I later in the day when returning for more fund noticed my balance had dropped by fifty percent. Before I was able to contact my bank in New Orleans to shut down the account they took all my money I had in the world.
    As I talked to other missionaries in the group they reported loss of all their funds also. I then deduced that the kiosk in the bank was the culprit, that somehow when you put your card in the ATM and keyed in your pin someone, behind the machine had rigged it to record your pin and had made a clone of your card.
    My bank refused to refund saying “it was your card used”, even though I had a 300 dollar per day limit on the card and over 1000 dollars was taken out of the account. I have no idea how they got around the 300 per day limit, but they did.
    I went to the manager of the Costco and told him what I had deduced. Thinking that as the kiosk bank was inside the store he could do something about it. He replied “if what you say is true I would imagine the party’s involved are very sophisticated, connected and probably very dangerous. If I were you I would leave it alone”. He delivered this cryptic warning with a very hard direct stare. All in the group feeling we had no recourse ate our losses and simply never used that machine again with no further problems.

    • Sorry you have a bank with such poor service. Consider the Chris Elliott consumer advocate site to help you if this happened recently.

    • In articles I’ve read, skimmers are more common on gas station card readers because the security is tighter at banks. Also, I could imagine a higher yield at a gas station as probably more debit/credit cards being used per hour at a gas pump.

      • “In articles I’ve read, skimmers are more common on gas station card readers because the security is tighter at banks.” – And perhaps too because people are less aware of the problem and so are less vigilant. I seem to remember reading that there are ~50 ATM attacks per year per 1,000 ATMs – which is an alarmingly high number.

  2. I’ve been tugging/checking the slot of every ATM for years after I heard that crooks will attach a device to ATMs to read your card … exactly as you described. And the news report said these devices were found in even the most public of places. So I think I would take Brian Krebs’ advice seriously, not just limit myself to public places because they are also vulnerable.


Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.