Keylogger uncovered on hundreds of HP PCs

Dec. 11, 2017

Hewlett Packard has issued an emergency patch to resolve a driver-level keylogger discovered on hundreds of HP laptops.

The bug was discovered by Michael Myng, also known as “ZwClose.” The security researcher was exploring the Synaptics Touchpad SynTP.sys keyboard driver and how laptop keyboards were backlit and stumbled across code which looked suspiciously like a keylogger.

In a blog post, ZwClose said the keylogger, which saved scan codes to a WPP trace, was found in the driver.

While logging was disabled by default, given the right permissions, it could be enabled through changing registry values and so should a laptop be compromised by malware, malicious code—including Trojans—could take advantage of the keylogging system to spy on users.

HP has acknowledged the issue. In a security advisory, HP said:

“A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impacts all Synaptics OEM partners.

A party would need administrative privileges in order to take advantage of the vulnerability. Neither Synaptics nor HP has access to customer data as a result of this issue.”

A CVSS (Common Vulnerability Scoring System) score of 6.1 has been issued, together with updated firmware and drivers for hundreds of laptops, both commercial and consumer.

Affected products include HP G2 Notebooks, the HP Elite x2 1011 G1 tablet, HP EliteBooks, HP ProBooks, and HP ZBook models, among others.

The researcher said that a fix will also be included in Windows Update.

Back in May, security firm Modzero discovered a keylogger in the Conexant HD audio driver package, installed in dozens of HP devices. HP quickly rolled out a patch which resolved the issue, which could be used to collect data including passwords, website addresses, and private messages.

ZDNet has the full story

Sponsored Recommendations

The Race to Replace POTS Lines: Keeping Your People and Facilities Safe

Don't wait until it's too late—join our webinar to learn how healthcare organizations are racing to replace obsolete POTS lines, ensuring compliance, reducing liability, and maintaining...

Transform Care Team Operations & Enhance Patient Care

Discover how to overcome key challenges and enhance patient care in our upcoming webinar on September 26. Learn how innovative technologies and strategies can transform care team...

Prior Authorization in Healthcare: Why Now?

Prepare your organization for the CMS 2027 mandate on prior authorization via API. Join our webinar to explore investment insights, real-time data exchange, and the benefits of...

Securing Remote Radiology with the Zero Trust Exchange

Discover how the Zero Trust Exchange is transforming remote radiology security. This video delves into innovative solutions that protect sensitive patient data, ensuring robust...