We explained that a usual way to steal password is with keyboard loggers. This happened once at Sumitomo Bank, where someone installed a hardware keylogger to a computer and got some passwords which allowed him to transfer money to an account on his own.
The bank has opted for a low-tech solution to this problem. To avoid someone installing hardware keyloggers they have glued the connectors to the back of the PC with SuperGlue, so it’s not possible to unplug the keyboard and insert the keylogger.
It’s a known problem that to secure a computer where the user has physical access to it is quite difficult, so I would have opted instead for using dumb terminals instead of PCs, so the security only has to be implemented in one place, making it easier to control.
This is not always possible, as some systems can’t be configured to work with dumb terminals or might not be convenient for the business. In this case, the solution is to keep the PC case in a “secure” lock where it cannot be accessed by the users without permission.
From | Threat Chaos.
0 Responses to “Defeat hardware keylogger with SuperGlue”