Keylogger uncovered on hundreds of HP PCs

Dec. 11, 2017

Hewlett Packard has issued an emergency patch to resolve a driver-level keylogger discovered on hundreds of HP laptops.

The bug was discovered by Michael Myng, also known as “ZwClose.” The security researcher was exploring the Synaptics Touchpad SynTP.sys keyboard driver and how laptop keyboards were backlit and stumbled across code which looked suspiciously like a keylogger.

In a blog post, ZwClose said the keylogger, which saved scan codes to a WPP trace, was found in the driver.

While logging was disabled by default, given the right permissions, it could be enabled through changing registry values and so should a laptop be compromised by malware, malicious code—including Trojans—could take advantage of the keylogging system to spy on users.

HP has acknowledged the issue. In a security advisory, HP said:

“A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impacts all Synaptics OEM partners.

A party would need administrative privileges in order to take advantage of the vulnerability. Neither Synaptics nor HP has access to customer data as a result of this issue.”

A CVSS (Common Vulnerability Scoring System) score of 6.1 has been issued, together with updated firmware and drivers for hundreds of laptops, both commercial and consumer.

Affected products include HP G2 Notebooks, the HP Elite x2 1011 G1 tablet, HP EliteBooks, HP ProBooks, and HP ZBook models, among others.

The researcher said that a fix will also be included in Windows Update.

Back in May, security firm Modzero discovered a keylogger in the Conexant HD audio driver package, installed in dozens of HP devices. HP quickly rolled out a patch which resolved the issue, which could be used to collect data including passwords, website addresses, and private messages.

ZDNet has the full story

Sponsored Recommendations

Improving Workplace Safety and Patient Care in Behavioral Health

In 2023, Vail Health enhanced safety in their behavioral health clinic, but the impact went beyond their expectations. Read their case study to see how prioritizing workplace ...

Transforming Hospital Capacity Through Smarter Patient Progression Strategies

Helping patients move seamlessly through every stage of their care, from admission to discharge, is critical to ensuring patient safety, improving outcomes, and optimizing capacity...

Beyond the AI Buzz: How Clinicians Can Leverage AI for Value-Based Success

Watch on-demand to explore the impact of implementing AI in primary care settings to reduce burnout and thrive in value-based care. Including practical takeaways on driving clinician...

Building the Connected Hospital: Bridging Operational Gaps Through Technology

Join industry leaders to explore how advanced technologies like RFID, AI, EMR, and ERP systems are transforming hospitals into connected ecosystems that enhance efficiency, streamline...