vacancies advertise contact news tip The Vault
facebook rss twitter

Hundreds of HP laptop models include pre-installed keylogger

by Mark Tyson on 11 December 2017, 15:01

Tags: Hewlett Packard (NYSE:HPQ)

Quick Link: HEXUS.net/qadoqn

Add to My Vault: x

Please log in to view Printer Friendly Layout

A security researcher has discovered that hundreds of HP laptop models are affected by a potential security vulnerability. Michael Myng, AKA ZwClose, discovered keylogger code in the SynTP.sys driver, on an HP laptop belonging to a friend. This driver comes pre-installed in more than 460 laptop models from HP, including its most popular sub-brands such as EliteBook, ProBook, Pavilion and Envy ranges, since 2012. HP has reacted quickly and released a patch (alongside a full list of affected hardware). The patch is also available to affected users via Windows Update.

ZwClose was looking into controlling keyboard backlighting on an HP laptop when he stumbled upon what “looks like a format string for a keylogger”. Apparently the keylogger saved scan codes to a WPP trace. However, it was noted straight away that logging was disabled by default and a potential spy/hacker would need to enable it by setting a registry value (UAC required).

If enabled by somehow accessing the HP machine directly or via malware, malicious code, Trojan software etc, the Synaptics driver could be leveraged to log keyboard input to spy upon users.

ZDNet notes that other PC makers using Synaptics drivers for input devices may be affected. HP users suffered from a similar vulnerability back in May when a keylogger in the Conexant HD audio driver package of several HP machines was discovered. The firm reacted quite quickly to that Conexant issue, which could have otherwise been an avenue for malicious parties to collect passwords, web addresses, and private messages.



HEXUS Forums :: 3 Comments

Login with Forum Account

Don't have an account? Register today!
Interesting that Synaptics owns or is owned by Conexant, isn't it? And all these dodgy drivers containing the ‘disabled’ key loggers were only found in HP computers (all American entities)?

They probably enable it when they sell a bulk load of systems to foreign Governments :P
I was waiting for the punchline that Windows 10 was pre-installed on them.
Oh HP…Just when I thought they were getting their act together with nice looking ultrabooks