Keylogger Discovered on HP Laptops

The keylogger is disabled by default but can be enabled in the Windows Registry. Over 460 laptop models are affected.

By Matthew Humphries December 11, 2017 9:28AM EST

HP isn't doing too well on the security front recently. Last month the company was accused of quietly installing spyware on Windows PCs. This month, a keylogger has been found on over 460 different models of HP laptop.

The keylogger was discovered by security researcher Michael Myng, who was looking at the keyboard driver SynTP.sys in an attempt to figure out how to control HP's laptop keyboard backlight. What he found was a keylogger capable of recording every keystroke made by a user. Thankfully, the keylogger is disabled by default, but a simple registry value change would enable it, meaning it counts as a "potential security vulnerability" a hacker could take full advantage of.

As the BBC reports, HP has issued a software patch to remove the keylogger, which is present in the Synaptics touchpad driver. HP points out that enabling the keylogger would require administrative access, which limits the threat. However, there are over 460 models of HP laptop affected, including those in the EliteBook, ProBook, Pavilion, and Envy ranges, and the keylogger has been present since 2012. The software patch support page lists all models carrying the disabled keylogger.

If you're wondering why HP allowed a keylogger to ship on so many laptops for so long, it looks to be a simple oversight. It was originally installed with the driver to act as a debugging tool checking for errors in the Synaptics software. It was then disabled, but never removed. That's quite dangerous in 2017 when hackers will grab any opportunity they can find in hardware used by millions of people.


