Pre-installed keylogger found in over 460 HP laptop models

[midian182]

HP has once again been forced to issue an emergency patch for its laptops after a driver-level keylogger was discovered by a security researcher. Michael Myng, aka "ZwClose," found the code in the Synaptics Touchpad SynTP.sys keyboard driver, which is used in virtually all HP laptops, while he was trying to find a way of adjusting the backlighting.

Although the keylogger is turned off by default, changing registry values could see it enabled, making it a target for malware programs such as Remote Access Trojans (RAT).

HP said the "potential security vulnerability" is found in more than 460 of its laptop models, including those in the EliteBook, ProBook, Pavilion and Envy lines. The company has released a full list of affected devices, some of which date back to 2012.

"A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impacts all Synaptics OEM partners. A party would need administrative privileges in order to take advantage of the vulnerability. Neither Synaptics nor HP has access to customer data as a result of this issue," wrote HP, who said the keylogger was actually a debug trace.

ZwClose says that a fix will also be issued as part of a Windows Update.

It was back in May when HP had to release a fix for a keylogger discovered by Swiss firm modezero that was buried in the Conexant HD audio driver and distributed by the firm since at least Christmas 2015. The company said the code had been mistakenly added to the software.

Permalink to story.

https://www.techspot.com/news/72251-pre-installed-keylogger-found-over-460-hp-laptop.html

 

[treeski]

Maybe HP should take a hint a dump that Synaptics crap, and just use Windows' built-in Precision Touchpad implementation.

 

[Uncle Al]

Never been a fan of HP computers, particularly all those proprietary components they claim are "the best". Never bought one and stopped buying HP plotters over a decade ago. Really a shame to watch such a good company just go into the toilet ....

 

[texasrattler]

HP aint the only one that has done this. Love how ppl make it seem HP is the only one, they aren't. Also what other manufacturer you plan on getting who's better? Oh wait, there isn't one. Lenovo, we all know about them. Dell, up and down every year, also have common charger and software issues. Asus, most ppl don't even know them like Lenovo even though they are both in the top 5 in computers. Some still don't like them for various reason. Acer, crap compared to what they use to be a few yrs ago, although they do have some really good products. Toshiba, done, Sony, done.

Then there is Microsoft and Apple. Both are loved and hated. Both are really expensive. Both have their issues.

At the end of the day, there is no company out there that does anything for the customer, it's about money. All do it and will continue to squeeze as much out as they can even if it means selling data or capturing data for whatever purpose. They ALL LIE.

Btw they all make claims, means nothing. They all claiming this or that. If HP should go into the toilet, they all should because there isn't any better company out there.

 

[cliffordcooley]

This is one reason why you clean install your own operating system and software.

 

[Danny101]

This is one reason why you clean install your own operating system and software.

Agreed, except what do you do when it's a driver that's the issue, and it has to be there?

 

[alexnode]

I had a HP printer and what they do with the pricing of the ink is unbelievable. I got an ugly brother printer and I am really happy with it. I want nothing to do with HP.

 

[Theinsanegamer]

This is one reason why you clean install your own operating system and software.

Agreed, except what do you do when it's a driver that's the issue, and it has to be there?

In this case, it is the synaptic software package that comes with said driver.

So, I'd just extract the driver and install it manually, or use the default touchpad driver.

 

[Squid Surprise]

Article is a tad "clickbait".... there was a keylogger that is TURNED OFF embedded in a driver that 99% of users would never touch...

A software update will eliminate this and I highly doubt any devices will see any effect whatsoever.

What is more concerning is how it got there in the first place - and was it an "accident" or did someone attempt to get it there on purpose.

And if it's the latter, what other stuff is lurking around other OEM machines being sold today....

 

[tipstir]

Just shameful such a huge company like this must have known all these years. Takes one rouge software engineer there at HP. So many from outside the US is hired. I know because I am in that field. HP UAT has failed otherwise that would have been caught.

 

[lostinlodos]

In this case, it is the synaptic software package that comes with said driver.

So, I'd just extract the driver and install it manually, or use the default touchpad driver.

Spot on. The default windows driver works just fine. You don’t need the bloated software package version. The register key is set up via the SOFTWARE!

 

[Danny101]

Spot on. The default windows driver works just fine. You don’t need the bloated software package version. The register key is set up via the SOFTWARE!

So with HP laptops for example, all HP associated software can be uninstall and the laptop would basically be generic and non specific? Making HP into just an aggregator of parts much like customizing a PC build?

 

[Squid Surprise]

So with HP laptops for example, all HP associated software can be uninstall and the laptop would basically be generic and non specific? Making HP into just an aggregator of parts much like customizing a PC build?

Pretty much... just be sure you know if there's any proprietary hardware that needs specific drivers... but generally, you can format the HD on pretty much any laptop and install a fresh copy of Windows (or any other OS I suppose, as long as it's compatible) and have it run fine.

 

[lostinlodos]

So with HP laptops for example, all HP associated software can be uninstall and the laptop would basically be generic and non specific? Making HP into just an aggregator of parts much like customizing a PC build?

Pretty much... just be sure you know if there's any proprietary hardware that needs specific drivers... but generally, you can format the HD on pretty much any laptop and install a fresh copy of Windows (or any other OS I suppose, as long as it's compatible) and have it run fine.

Yep. I can’t remember the last time I bought a laptop and didn’t immediately wipe out the drive and install from scratch. I do that for desktops too. There’s rarely anything that comes on name computers I couldn’t get a better alternative for on my own. And finding drivers in this age is rather easy. Most stuff, even modified or proprietary, aren’t actually all that proprietary. They’re OEMd parts and the drivers can be found clean and clear on the actual part manufacturer’s site.