Is the data between a keyboard and a web browser secure from local computer applications?

No, your data is not safe from key loggers on a local computer. There isn't much more to say here, to be fair. A key logger will grab and save any key stroke entered. The tls (https) encryption happens "after" the driver from keyboard "sends" those key strokes to the browser, "through" the key logger.

Even if encryption is being used and there isn't one many types of spyware on the computer, the connection between the computer and site might have a Man in The Middle (MiTM) device in between which tricks your computer into thinking it's using encryption when it's not.

Good question. Yes, on a public kiosk you run the risk of credential harvesting. I can not think of anything that would bypass keylogging software (VPN will fix MiTM issues). Beware.


HTTPS can't possibly fully protect your user input on an untrusted computer: The computer could have keylogger software installed. The keyboard could have firmware programmed to keylog you. There could be a hardware device between the computer and the keyboard recording keypresses. There could be screen recording software running. There could be a video camera pointed at the keyboard while you're using it. The computer might be configured to fully trust a network proxy that acts as a man-in-the-middle for all HTTP and HTTPS connections.


As covered in other answers, HTTPS only protects the transmission part of the communication, between your computer (browser) and the remote server. Anything between the user (human) and the browser is vulnerable to attackers.

Even if the keyboard is secured between the browser, a camera (outside the computer) could capture a video of you entering the password - that doesn't even remotely have anything to do with HTTPS.


Actions speak louder than words.

Long ago when I was 15, I wrote a simple key logger that is able to log almost everything. It nevertheless successfully stole a lot of passwords, including those entered into an HTTPS page.

Link: My GitHub repo of the aforementioned key logger program.

Tags:

Tls

Keyloggers