By Heather Hamilton, contributing writer
Michael Myng, a security researcher, found a keylogging code preinstalled on software drivers on 460 models of HP laptops. The code records every key entered on the machines and presents a security vulnerability.
Myng, who writes as ZwClose, said that he messaged HP about his find after trying, unsuccessfully, to get someone to lend him an HP laptop. On his blog, he writes, “They replied terrifically fast, confirmed the presence of the keylogger (which actually was a debug trace), and released an update that removes the trace.”
HP has issued a software patch that allows customers to remove the keylogger on impacted machines, including the EliteBook, ProBook, Pavilion, and Envy ranges, as well as others, as far back as 2012.
HP wrote, “HP uses Synaptics’ touchpads in some of its mobile PCs and has worked with Synaptics to provide the fixes to their error for impacted HP systems, available via the security bulletin on HP.com.”
The BBC reported that the keylogger was discovered when Myng was attempting to learn how to control the keyboard backlight on an HP laptop. He noted that the keylogger was disabled by default but can be enabled by modifying a Windows Registry value on the system, though an attacker with access to the computer could have enabled it to record anything typed by the user.
In his blog post, Myng writes, “Some time ago, someone asked me if I can figure out how to control HP’s laptop keyboard backlight. I asked for the keyboard driver SnyTP.sys, opened it in IDA, and after some browsing noticed a few interesting strings.”
HP says that the keylogger was originally built into Synaptics to debug errors and that neither HP or Synaptics has access to customer data but acknowledges that it could lead to a loss of confidentiality.
In a summary from November 7, HP acknowledged the vulnerability and said that the keylogger code is part of certain Synaptics touchpad driver versions. They also mentioned that it may have affected other Synaptics OEM partners. They write, “A party would need administrative privileges in order to take advantage of the vulnerability.”
This isn’t the first time that HP has had problems with keyloggers — in May, pre-installed audio drivers were also found with keyloggers on a few HP laptops, which HP said had been mistakenly added. Despite what appears to be a series of simple mistakes, users are admittedly worried about HP’s oversights.
Sources: ZwClose, Hewlett Packard, BBC
Image Source: Pixabay
Learn more about Electronic Products Magazine