Stacy Roll

How cybercriminals steal your passwords by listening to your keyboard

Cybercriminals often don't get our passwords or tokens through brute-force decryption; they simply listen to our keyboard...

In this article, I'll show you how pirated software can steal your passwords with just 10 additional lines of code on GNU/Linux systems.

Let's take a look at this Rust code:

use std::io::BufRead;

fn main() {
    println!("Enter your token to validate your identity:");
    let mut password: String = String::new();
    // the input could be hidden for more privacy
    let stdin: std::io::Stdin = std::io::stdin();
    stdin.lock().read_line(&mut password).unwrap();
    // send the password over HTTPS
}


It is a standard function that retrieves a password and then sends it via HTTPS to a server. Without any alteration, this code is 100% secure.

Now, let's assume the user didn't download or compile an authentic version but instead downloaded a version modified by a cybercriminal. We can observe that by using a low-level keyboard handler, not only can they obtain the user's password, but they can also eavesdrop on the entire session.

I will use k_board for this.

cargo add k_board

Objectives:

  • Obtain password: Listen to the keyboard until an Enter key is pressed.
  • Session: Send what is typed to an HTTP server every 10 keystrokes.

use k_board::{Keyboard, Keys};
use std::io::BufRead;

fn main() {
    println!("Enter your token to validate your identity:");
    let mut password: String = String::new();
    let stdin: std::io::Stdin = std::io::stdin();
    stdin.lock().read_line(&mut password).unwrap();
    // -> send password to the original server
    // -> send password to our server
    // -> Inside logic program: look to every key event
    get_keys_pressed_and_send_it();
}

fn get_keys_pressed_and_send_it() {
    let mut i: u8 = 0;
    loop {
        let key = Keyboard::new().read_key();
        if key != Keys::Null {
            i += 1;
        }
        if i == 10 {
            //send to our server
            i = 0;
        }
    }
}
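The modified build above had to pull in an extra crate (`cargo add k_board`), and that leaves a trace in `Cargo.lock`. As an added example (not code from the original article), this Rust program compares the lockfile of a source tree you obtained against the lockfile of the authentic release and flags added crates, and more generally crates whose checksum changed; the package name `token_client`, the versions and the checksum are constructed placeholders.

```rust
use std::collections::BTreeMap;

/// Parse the `[[package]]` entries of a Cargo.lock into "name version" -> checksum.
fn parse_lock(lock: &str) -> BTreeMap<String, String> {
    let (mut pkgs, mut name, mut key) = (BTreeMap::new(), String::new(), String::new());
    for line in lock.lines().map(str::trim) {
        let (field, val) = line.split_once(" = ").unwrap_or((line, ""));
        let val = val.trim_matches('"');
        match field {
            "[[package]]" => { name.clear(); key.clear(); }
            "name" => name = val.to_string(),
            "version" if !name.is_empty() => {
                key = format!("{name} {val}");
                pkgs.insert(key.clone(), String::new()); // path crates carry no checksum
            }
            "checksum" if !key.is_empty() => { pkgs.insert(key.clone(), val.to_string()); }
            _ => {} // top-level `version = 3`, `source`, dependency lists, ...
        }
    }
    pkgs
}

/// Report packages in `suspect` that are absent from `trusted` or hash differently.
fn lock_diff(trusted: &str, suspect: &str) -> Vec<String> {
    let base = parse_lock(trusted);
    let flag = |(pkg, sum): (String, String)| match base.get(&pkg) {
        None => Some(format!("ADDED {pkg}")),
        Some(b) if *b != sum => Some(format!("CHECKSUM MISMATCH {pkg}")),
        _ => None,
    };
    parse_lock(suspect).into_iter().filter_map(flag).collect()
}

// Constructed sample lockfiles: names, versions and checksum are placeholders.
const TRUSTED: &str = r#"version = 3
[[package]]
name = "token_client"
version = "0.1.0""#;
const SUSPECT: &str = r#"version = 3
[[package]]
name = "k_board"
version = "0.0.0"
checksum = "constructed-placeholder"
[[package]]
name = "token_client"
version = "0.1.0""#;

fn main() {
    lock_diff(TRUSTED, SUSPECT).iter().for_each(|f| println!("{f}"));
}
```

Any finding means the tree differs from the authentic one and should not be built or run until the difference is explained.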

I am a little scared of what cybercriminals can do to me if I use modified software. Advocating for free software is not just about having things "free" in the economic sense of the word, but about preventing these kinds of everyday threats.

See you in the next article!!

Top comments (1)

Prayson Wilfred Daniel

This is what I was looking for. Thank you