Site Options:

Kadix

Keylogging Ontology

Problem & Solution

"Keyloggers are a serious threat which requires a tough solution. Many antikeylogger technologies can be easily defeated by slightly more advanced keyloggers that are already in the wild. Virtual keyboards and graphical passwords can be easily bypassed using screen capturing. Password managers and semi-encryption technologies can be bypassed using keyloggers that sit inside the browser. Keystroke dynamics can be bypassed by keyloggers that log typing patterns. The only real solutions against keylogging are One Time Passwords (OTP) and end-to-end keystroke encryption. OTP allows the attacker to grab one-time-passwords and enter the account occasionally while end-to-end encryption provides a robust solution that genuinely protects passwords from stealth."  [Trusteer. Anti-Keylogger Myths. Whitepaper, 2007]

For many consumers, mobile devices have supplanted PCs and are now being used for 'secure logins' to email and bank accounts and to make financial transactions. Like PCs, mobile devices are being targeted by keyloggers.

Even mobile security products such as the IBM Security Trusteer Mobile Browser and the IBM MaaS360 Enterprise Mobility Management (EMM) are vulnerable: They do not provide keystroke encryption to prevent keylogging in mobile devices.

Keystroke Encryption

Keystroke Encryption prevents keylogging by encrypting keystrokes upon entry, before they are processed by an application or browser. The encryption ensures that keylogging malware records only random characters that are of no practical use. Strong methodology is required to prevent keylogging software from capturing keystrokes before they are encrypted.

MobileTrust

The Solution for the problem of keylogging in mobile devices is MobileTrust.

MobileTrust is developed by StrikeForce Technologies, and supplies patented keystroke encryption for Google/Android and Apple/IOS mobile devices. Mobile apps and browsers that will accept a third-party keyboard are protected by MobileTrust against hook-based keyloggers.

See Related Information:  Patent US8566608 B2

Secure Keyboard

When MobileTrust is installed and configured, a Secure Keyboard will automatically appear throughout the device in other apps and browsers, including the IBM Security Trusteer Mobile Browser. Environments such as the IBM MaaS360 Enterprise Mobility Management (EMM) will also display the Secure Keyboard which will encrypt keystrokes upon entry.

The MobileTrust - Secure Keyboard encrypts keystrokes before they can be keylogged, then de-crypts them once they reach their destination in an app or online application.

Figure 1. Secure Keyboard

After MobileTrust is installed in Google/Android and Apple/IOS mobile devices, the MobileTrust - Secure Keyboard can be configured in the Settings App in either environment as the default keyboard.

Related Information:
Keylogging Ontology
MobileTrust: FAQs

Related Concept:
Keystroke Encryption

Related Reference:
One Time Password (OTP)
Patent US8566608 B2