A security researcher has discovered that hundreds of HP laptop models are affected by a potential security vulnerability. Michael Myng, AKA ZwClose, discovered keylogger code in the SynTP.sys driver, on an HP laptop belonging to a friend. This driver comes pre-installed in more than 460 laptop models from HP, including its most popular sub-brands such as EliteBook, ProBook, Pavilion and Envy ranges, since 2012. HP has reacted quickly and released a patch (alongside a full list of affected hardware). The patch is also available to affected users via Windows Update.
ZwClose was looking into controlling keyboard backlighting on an HP laptop when he stumbled upon what “looks like a format string for a keylogger”. Apparently the keylogger saved scan codes to a WPP trace. However, it was noted straight away that logging was disabled by default and a potential spy/hacker would need to enable it by setting a registry value (UAC required).
If enabled by somehow accessing the HP machine directly or via malware, malicious code, Trojan software etc, the Synaptics driver could be leveraged to log keyboard input to spy upon users.
ZDNet notes that other PC makers using Synaptics drivers for input devices may be affected. HP users suffered from a similar vulnerability back in May when a keylogger in the Conexant HD audio driver package of several HP machines was discovered. The firm reacted quite quickly to that Conexant issue, which could have otherwise been an avenue for malicious parties to collect passwords, web addresses, and private messages.