Typical Technological Trickery
It’s an old adage that you can’t secure a computer against people with physical access to it. I was interested in this idea, so I was exploring what could be done with only keyboard and mouse access to a typical Ubuntu machine (i.e. without being able to plug in usb devices or pull out hard drives) when I came across the xinput test command. I’m sure this is old hat to anyone with a real interest in security, and I’m sure there are plenty of ways to counter it; but I think it’s interesting anyway.
So, here’s how to run an X11-based keylogger which writes to a local file and probably won’t be noticed by a non-paranoid user: Open a terminal, run
with a leading space character (markdown eats leading spaces in code samples..) and close the terminal. You may need to change the AT Translated to the name of your keyboard to get it working one your machine, have a look at the output of xinput list. Now press some keys and it will write into /tmp/tmp.QTQTivXDhI something like:
Of course to make any use of this an attacker would need to come back to the machine and inspect the resulting file, but if someone can get access once they can probably do it a second time.
