Over 460 HP notebook versions affected with an inactive keylogger
Many notebooks and pre-built PC system makers are not strangers to having security problems. HP is in the limelight again as some laptops were preinstalled with an inactive keylogger in its Synaptics touchpad driver. According to a security researcher, this affects more than 460 HP notebook versions. This is spread throughout EliteBook, ProBook, Spectre Pro, ZBook, Pavilion and its Envy gaming lineups.
This is discovered By Micheal Myng aka ZwClose recently. Though disabled by default, he said it can be enabled via the system’s registry. There was also an issue with HP’s debugging code forgotten in the driver. As of now, HP has released the list of affected models and a security update. The patch can be downloaded from here. It is not clear if this update will be preinstalled in a newer version of the notebooks. The correction driver is now 616 KB sized file as opposed to 881 KB ‘keylogger version’.
Function of a keylogger
Keyloggers are tools designed with the malicious intent of recording your keystroke in a file, either saving a local file in its device or discretely send it to a server.
At an earlier date, HP had a keylogger hidden away in its audio driver in systems may be sold since 2015.
HP’s history of keyloggers
A week ago, HP also used a telemetry client which the company claims its ‘HP Touchpoint Analytics’ and does not send any data without consent. At this point, the wise course of action on a new PC is to do a clean format and reinstall Windows OS. This way, you don’t have to deal with a headache of ‘if and when’. HP was quick to respond to Micheal’s report and have a solution roll out. Regardless, it is rather amusing to see how a manufacturer forgets to remove the keylogger from its installation package.
Is it Synaptics fault?
HP claims neither they or Synaptics have the keylogger data, as indicated by the security research. But the company claims this affects all OEM partners using Synaptics trackpad, but the keylogger was part of the installation package. There have been no updates from Synaptics or any other OEMs. We’ve asked Lenovo and Acer if they found any keylogger in its trackpad drivers. Their response will be added once we’ve received them.
Such activity isn’t limited to system manufacturers. A Chinese based keyboard manufacturer was found to use a keylogger which then sent keylogger data to a server leased from Alibaba.
— Hardware BBQ (@HardwareBBQ) December 12, 2017