Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Dormant Keylogger Functionality Found in HP Laptops

A researcher has discovered that a touchpad driver present on hundreds of HP laptops includes functionality that can be abused for logging keystrokes. The vendor has released patches for a vast majority of affected devices.

A researcher has discovered that a touchpad driver present on hundreds of HP laptops includes functionality that can be abused for logging keystrokes. The vendor has released patches for a vast majority of affected devices.

Michael Myng was looking for ways to control the keyboard backlight functionality on HP laptops when he noticed that the driver from Synaptics (SynTP.sys) included keylogging functionality.

The problematic code is apparently part of a debugger implemented through the Windows software trace preprocessor (WPP). The feature is disabled by default, but a user with administrator privileges can enabled it by changing a value in the Windows registry, allowing them to log keystrokes to a local file.

Myng informed HP of his findings and the company released updates that remove the problematic debugging functionality for nearly all impacted products. However, devices from other vendors that use this Synaptics driver could be affected as well.

“A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impacts all Synaptics OEM partners,” HP said in its advisory. “A party would need administrative privileges in order to take advantage of the vulnerability. Neither Synaptics nor HP has access to customer data as a result of this issue.”

The vulnerability, classified by the vendor as “medium severity,” impacts more than 460 laptop models, including many EliteBook, mt, ProBook, Spectre Pro, Stream, ZBook, Envy, Pavilion, Split and Omen devices.

Some people have pointed out that an attacker who has the privileges required to activate the keylogger functionality could do anything on the system, including install a proper keylogger, and would not need to exploit this vulnerability. Others, however, believe it could still be useful for malicious actors since the keylogging mechanism is already in place.

This is not the first time keylogging functionality has been found in software shipped with HP laptops. Back in May, researchers discovered that a Conexant audio driver installed on some HP laptops had been logging keystrokes to a file.

Advertisement. Scroll to continue reading.

Related: HP Laptop Audio Driver Acts as Keylogger

Related: NVIDIA Patches Several Flaws in GPU Display Drivers

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...