1

I'm connecting to a remote machine via Teamviewer, let's assume it's trusted. Is it possible for a MITM or virus on my local (client) machine to detect keys I enter using my remote machine's on-screen keyboard? Or would that involve continuous screen capture (something I assume would degrade performance to the point of being eventually noticeable, and thus low efficacy for my hacker)?

Any surefire ideas for testing this would be appreciated.

user5654
  • 41
  • 1
  • 3
  • I just want to point out that the premise may not be correct. Simply running basic image recognition on a low-resolution, low-framerate video to detect the keys being pressed via an on-screen keyboard would _not_ degrade performance. My guess is that it would require less computer resources than simply opening a new tab in the browser. – forest Feb 10 '18 at 10:36
  • Thanks; I guess I could move the keyboard around a lot and actually type a few of the characters? I only need to do this for passwords and I'm only really worried about bots. Also I should note that the keyboard is not a widely used one. – user5654 Mar 03 '18 at 03:34
  • That's not likely to work either. Image recognition is very good at tracking something that is solid and moving. You fundamentally cannot input information securely when your method of inputting is compromised. The most a virtual keyboard can do is protect against _hardware_ keyloggers connected to the keyboard. If something is monitoring input to a remote machine, you've lost. – forest Mar 03 '18 at 03:36
  • You're there! Do you know if actual characters I typed in a Linux VM's virtual keyboard could possibly be registered to the host system - or to my client machine that's TVing into it - except via screen scraping? – user5654 Mar 03 '18 at 03:39
  • If you are typing something into a VM, the host will always know what you are typing. After all, the host receives it first and then sends it to the VM. – forest Mar 03 '18 at 03:40
  • No, I'm clicking into the VM's virtual keyboard. – user5654 Mar 03 '18 at 03:40
  • The host has access to all the guest's memory. It knows what the guest knows. – forest Mar 03 '18 at 03:42
  • OK, that's pretty bad. Thanks. I only have a limited number of options though, do you think it's less likely that a garden variety (automated) malware program would grab my passwords if I used X11 over SSH straight into the VM, or some other means? And it's even better if I did everything on a local machine over ethernet, right? – user5654 Mar 03 '18 at 04:03
  • There are several "garden variety" spyware programs that have easy to use, built-in screengrabbing capabilities. Even a script kiddie can use them. And yes connecting to another machine directly over Ethernet makes for less chances to intercept. Maybe you want a KVM switch (which don't get viruses given that they're simple devices), which would allow you to connect to a remote machine? – forest Mar 03 '18 at 04:08

1 Answers1

1

Simply running basic image recognition on a low-resolution, low-framerate video to detect the keys being pressed via an on-screen keyboard would not degrade performance, so it is a practical attack against virtual keyboards. There are free and easy to use spyware utilities that come with this functionality built in, so even script kiddies can do this.

You fundamentally cannot input information securely when your method of inputting is compromised. The most a virtual keyboard can do is protect against hardware keyloggers connected to the keyboard. If something is monitoring input to a remote or virtualized machine, you've lost.

Perhaps you want to use a KVM (Keyboard Video Mouse) switch. They are devices which allow remote access to, as the name states, the keyboard, display, and mouse (and often other HIDs). These devices are simple and do not run a complex operating system, nor do they allow executing files, making them more or less immune from malicious activity. They are nothing more than an extension for your monitor and input devices.

forest
  • 64,616
  • 20
  • 206
  • 257