Security researcher Michael Myng also known as ZwClose discovered a driver-level keylogger on HP laptops. The bug has been now solved via an emergency patch issued by Hewlett Packard. Hundreds of HP laptops were affected, including HP G2 Notebooks, the HP Elite x2 1011 G1 tablet, HP EliteBooks, HP ProBooks and HP ZBook models.
Official description of the vulnerability:
A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impacts all Synaptics OEM partners. A party would need administrative privileges in order to take advantage of the vulnerability. Neither Synaptics nor HP has access to customer data as a result of this issue.
Myng came across the keylogger while exploring Synaptics Touchpad SynTP.sys keyboard driver
He analyzed the way keyboards were backlit and came across some weird looking code that resembled a keylogger. “HP had a keylogger in the keyboard driver. The keylogger saved scan codes to a WPP trace. The logging was disabled by default but could be enabled by setting a registry value (UAC required),” the researcher wrote.
Even though logging was disabled by default, it could have been enabled via altering registry values which could have led to the laptop being compromised by malicious software. Trojans and other forms of spyware, for examples, are very likely to leverage keylogging to spy on unsuspecting users.
Fortunately, HP was very swift to respond. Shortly after the researcher messaged the company about the issue he found, they replied by confirming the presence of the keylogger. However, the keylogger turned out to be a debug trace which was adequately removed via the update HP already released.
The patch will also be added to Windows Update.
Not the first time HP features keylogger in their products
This is not the first time such a component was found in HP products. Back in May, security researchers from security firm Modzero unearthed a built-in keylogger in an HP audio driver while examining Windows Active Domain infrastructure.
The initial purpose of the software appeared to be to recognize whether a special key has been pressed or released. The software however was tailored and the developer, Conexant, added a number of diagnostic and debugging features. The features were there to ensure that all keystrokes “are either broadcasted through a debugging interface or written to a log file in a public directory on the hard-drive”. Interestingly, this type of debugging literally transforms the audio driver into a keylogger, which is nothing but a form of spyware.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me:
The keyloggers have been detected in laptops as latest as 2017. I don’t understand why these companies try to make the fool out of people and think they can get away with that.