Keylogger Discovered on HP Laptops
Keylogger Discovered on HP Laptops
The keylogger is disabled by default but can be enabled
in the Windows Registry. Over 460 laptop models are affected.
By Matthew Humphries December 11, 2017 9:28AM EST
HP isn't doing too well on the security front recently.
Last month the company was accused of quietly installing spyware on Windows
PCs. This month, a keylogger has been found on over 460 different models of HP
laptop.
The keylogger was discovered by security researcher
Michael Myng who was looking at the keyboard driver SynTP.sys in an attempt to
figure out how to control HP's laptop keyboard backlight. What he found was a
keylogger capable of recording every key stroke made by a user. Thankfully, the
keylogger is disabled by default, but a simple registry value change would
enable it meaning it counts as a "potential security vulnerability" a
hacker could take full advantage of.
As the BBC reports, HP has issued a software patch to
remove the keylogger which is present in the Synaptics touchpad driver. HP
points out that enabling the keylogger would require administrative access
therefore limiting the threat. However, there are over 460 models of HP laptop
affected, including those in the EliteBook, ProBook, Pavilion, and Envy ranges,
and the keylogger has been present since 2012. The software patch support page
lists all models carrying the disabled keylogger.
If you're wondering why HP allowed a keylogger to ship on
so many laptops for so long, it looks to be a simple oversight. It was
originally installed with the driver to act as a debugging tool checking for
errors in the Synaptics software. It was then disabled, but never removed.
That's quite dangerous in 2017 when hackers will grab any opportunity they can
find in hardware used by millions of people.
Comments
Post a Comment