Hundreds of HP Laptops, Tablets Found with Pre-Installed Keylogger
A security researcher has found that hundreds of different models of HP notebooks, tablets and other devices include a keylogger that could track and record every keystroke a user makes. Linked to touchpad drivers made by Synaptics, the keylogger is disabled by default and can be fixed with security patches released by HP last month.
The keylogger was discovered by security researcher Michael Myng, who publicly disclosed his findings in a blog post Thursday. In his post, Myng said that he messaged HP about his discovery and the company responded quickly by confirming the issue and releasing a software update to resolve the problem.
HP said neither it nor Synaptics "has access to customer data as a result of this issue." However, after a registry change, the keylogger could enable a malicious actor to monitor a user's keyboard activity.
More than 450 Affected Devices
Writing under the handle "ZwClose," Myng said he discovered the keylogger after an associate asked whether he could find a way to control the keyboard backlighting on an HP laptop. When he opened the keyboard driver SynTP.sys, Myng said he noticed "a few interesting strings," in particular, one that looked like a format string for a keylogger.
"I messaged HP about the finding," Myng said. "They replied terrificly [sic] fast, confirmed the presence of the keylogger (which actually was a debug trace) and released an update that removes the trace."
In a Nov. 7 security update, HP provided links to software patches for more than 450 products, including multiple models of the HP Notebook, HP EliteBook, HP Mobile Thin Client, HP ProBook, HP Spectre Pro and HP ZBook Mobile Workstation. The company said that affected users should install the appropriate update for their devices as soon as possible.
Second Keylogger Issue this Year
"A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impacts all Synaptics OEM partners," HP said in last month's security bulletin. "A party would need administrative privileges in order to take advantage of the vulnerability."
This isn't the first time such an issue has affected HP devices. In May, researchers with Switzerland-based security company Modzero reported finding a keylogging vulnerability in the Conexant audio drivers in HP laptops.
That problem, like the one reported by Myng, was blamed on debugging code that had been inadvertently left by developers. It also affected numerous models, including HP EliteBooks, ProBooks, and ZBooks.
In a statement acknowledging the May keylogger discovery, HP said it had "no access to customer data as a result of this issue. Our supplier partner developed software to test audio functionality prior to product launch and it should not have been included in the final shipped version."