Keylogger Spyware Found in HP Notebook Keyboard Driver

froggyboy604

froggyboy604

Well-Known Member
Staff member
Manager
Full GL Member
Credits
27,705
Mature Board Viewing
Unlock full profile styling
HP has released driver updates for hundreds of notebook models to remove debugging code that an attacker could have abused as a keylogger component.

The keylogging code was present in the SynTP.sys file, which is part of the Synaptics Touchpad driver that ships with some HP notebook models.

"The logging was disabled by default but could be enabled by setting a registry value," said a security researcher going by the name of ZwClose, who discovered the flaw earlier this year.

That registry key is:

HKLM\Software\Synaptics\%ProductName% HKLM\Software\Synaptics\%ProductName%\Default

Malware devs can use this registry key to enable the keylogging behavior and spy on users using native kernel-signed tools, undetectable by security products. All they have to do is to bypass a UAC prompt when tweaking the registry key. There are tens of methods of bypassing UAC prompts currently available.

Keylogger Found in HP Notebook Keyboard Driver

This is unfortunate. It can be a good time to switch to Linux if you use an HP laptop.
 
Demon_Skeith said:
Wouldn't linux still have to use that driver and still make it a threat?
Click to expand...

I think the article is talking about the Windows drivers. Linux may use the generic keyboard drivers for most USB and PS/2 keyboards, and HP may not have Linux keyboard drivers for Linux.
 
GNU/Linux is GPL licensed, so if you make use of any code found in GNU and/or Linux, you must make your code open source, and credit the original writers.
This is why Linux devs usually make drivers themselves, which they then include into the Linux Kernel.
And if it needs to be closed source, this stuff usually gets released separately as "non-free", which distro makers normally recommend against installing.

Regardless, HP recently got caught on installing spyware, and now again.
Good going HP! ヽ(´ー`)ノ
 
Danielx64 said:
Guys, I think you are all overreacting to this, have a look at this topic: Keylogger Found in HP Notebook Keyboard Driver By

By default, it's not turned on and it doesn't record what you typed or anything like that.
Click to expand...

I agree, the risk of having key strokes stolen is not very high if it is true that it is not turned ON. But, there is a risk of malware turning the keylogger ON, and stealing your key strokes from the keyboard.

But, it can be a good idea to switch to another laptop brand like Apple or System76 or operating system like Linux or UNIX on your HP laptop if you don't want to risk losing your key strokes to malware which exploit this key logging vulnerability.

Keeping your antivirus, and firewall software up to date may work good enough against defending your HP laptop against malware which exploit this HP keyboard driver vulnerability. It is also a good idea to check daily if there is an HP keyboard driver update which may keep most users safe from this keylogger bug, and other keyboard driver security vulnerability.
 
Danielx64 said:
Guys, I think you are all overreacting to this, have a look at this topic: Keylogger Found in HP Notebook Keyboard Driver By

By default, it's not turned on and it doesn't record what you typed or anything like that.
Click to expand...
You'll need to ask the question: why is there keylogger included at all in the first place?
And I mean regardless of what it's doing.

I mean, why log anything at all which is of 0 use to both the users and developers?
It might not log keys or coordinates now, but who knows when it will?
 
Demon_Skeith said:
True as that is, the issue here is that 1. it is there and 2 there is a chance that it can be silently turned on.
Click to expand...

The added keylogging feature may also make the keyboard driver use slightly more storage space, CPU resources, and RAM when the keyboard driver is being used. The higher resource usage can be a big deal for people who use the driver on a lowend laptop with less RAM, and a slower CPU.
 
You must log in or register to reply here.
Back
Top