HP laptop keyboard driver contains keylogger

[NumLock21]

A security researcher has discovered a flaw in the keyboard driver used on HP laptops. The flaw contains a keylogger, when the function is enabled, allows a attackers to record the users keystrokes.

Quote

That registry key is:

 

HKLM\Software\Synaptics\%ProductName% HKLM\Software\Synaptics\%ProductName%\Default

Malware devs can use this registry key to enable the keylogging behavior and spy on users using native kernel-signed tools, undetectable by security products. All they have to do is to bypass a UAC prompt when tweaking the registry key. There are tens of methods of bypassing UAC prompts currently available.

"The keylogger saved scan codes to a WPP trace," said ZwClose. WPP software tracing is a technique used by app developers and is intended for debugging code during development.

After reporting the issue, the researcher said HP devs candidly admitted the keylogging code was a leftover from debugging sessions and "released an update that removes the trace."

HP has released a driver update for all of the affected laptops. What's interesting is based on personal experience, the driver update is the exact same as the one they provided back in October. Not sure if the old one also has the keylogging registry removed or not. But looks like it did because when trying to search for those entries, it shows no results. For those with a HP laptops, then download the file and apply the update.

https://support.hp.com/us-en/document/c05827409

https://www.bleepingcomputer.com/news/hardware/keylogger-found-in-hp-notebook-keyboard-driver/

[Guest]

29 minutes ago, VegetableStu said:

Is this "we want to know which keys are being pressed more often" again? ( -_(\

This time they are saying its leftover debugging code

 

At least this isn't about it being a part of the firmware (So linux users rejoice!)

[mr moose]

2 minutes ago, huilun02 said:

What a stink

Just buy Dell. They have too many corporate customers to pull off shit like this.

Are you suggesting HP did this on purpose?  and more so do you realise that dell isn't as big as HP in both domestic and professional markets?

[vanished]

*Obligatory "mine's not affected so there's no problem" comment *

 

When will this stop happening? Intentional or not this is totally unacceptable and easily avoidable.  I can recall far too many stories of laptop's having some sort of horrible infection like this right from the factory.

[79wjd]

Wait, didn't this happen with HP a few months ago (and they said it was the same thing)?

 

EDIT: Ah, it was one of their audio drivers:

 

[Guest]

Just now, djdwosk97 said:

Wait, didn't this happen with HP a few months ago (and they said it was the same thing)?

Yah, it was in the audio driver that time

[mr moose]

45 minutes ago, tjcater said:

This time they are saying its leftover debugging code

 

 

I think the may one was about that too.  HP might want to look into their software development/finishing procedures. 

[Bananasplit_00]

Nice, so thats another problem with my laptop then, wow I love the Z Books sooooooo much! Best laptop EVER! 

[Matu20]

7 hours ago, VegetableStu said:

Is this "we want to know which keys are being pressed more often" again? ( -_(\

That was an actual excuse?

[Nicnac]

This is shit. Never had anything from hp except a printer once and never am going to get anything else from them...

[Doobeedoo]

Wow these companies, wipe everything off. 

In future, laptop coming with keylogger, adds, miner, dlc unlockables and lootboxes. 

[Jito463]

Well carp, looks like my 15-f305dx model is included.  Downloading the update now.  Fortunately it's just my break computer, so I can catch up on forums and play some games while at lunch.

[GoodBytes]

Thread Moved back to Tech News Section

[System Error Message]

HP has always been terrible. It could be they wanna sell your info as usual. Its not new for a big company to do it, anyone remember's EA origin platform?

 

HP bloatware has also been terrible. Never have i seen a worse bloatware setup in a major brand. I remember servicing a windows 7 laptop last time, it was so slow. After removing all the bloatware it was very fast despite being a dual core slow AMD laptop. Dell's own bloatware impact is less though.

 

So HP's overheating is still true. Bad battery life, slow, hot, partly because of the bloatware. Removing some of it required me to boot from USB and manually prevent any reinstallation by utilising the ntfs security which is by creating a file and making it the same name as the folders they use.

 

Keyboards dont need drivers, only for custom keys.

[IntMD]

 

http://www.bbc.co.uk/news/technology-42309371

 

So, it seems that HP left a keylogger in the synaptics driver. They've issued a patch that apparently removes it now, so might be worth updating that if you have one of the affected laptops. This is in addition to the keylogger found in May which was included with the audio driver 'accidentally'.

 

Quote

HP said more than 460 models of laptop were affected by the "potential security vulnerability".

It has issued a software patch for its customers to remove the keylogger.

The issue affects laptops in the EliteBook, ProBook, Pavilion and Envy ranges, among others. HP has issued a full list of affected devices, dating back to 2012.

 

Quote

Hidden software that can record every letter typed on a computer keyboard has been discovered pre-installed on hundreds of HP laptop models.

Quote

Mr Myng discovered the keylogger while inspecting Synaptics Touchpad software, to figure out how to control the keyboard backlight on an HP laptop.

He said the keylogger was disabled by default, but an attacker with access to the computer could have enabled it to record what a user was typing.

According to HP, it was originally built into the Synaptics software to help debug errors.

It acknowledged that could lead to "loss of confidentiality" but it said neither Synaptics nor HP had access to customer data as a result of the flaw.

 

[James7176]

So that's how my minecraft account got hacked

[Zmax]

From what i have read. The keylogger in not active by default, and you need access to the comp, to activate it. 

 

But it`s weird. 

[IntMD]

Just now, VegetableStu said:

redoot

Apparently I didn't look back far enough

[WkdPaul]

16 minutes ago, IntMD said:

Apparently I didn't look back far enough

It happens, threads merged.

[razaldo]

Quote

Hidden software that can record every letter typed on a computer keyboard has been discovered pre-installed on hundreds of HP laptop models.

Security researcher Michael Myng found the keylogging code in software drivers preinstalled on HP laptops to make the keyboard work.

HP said more than 460 models of laptop were affected by the "potential security vulnerability".

It has issued a software patch for its customers to remove the keylogger.

The issue affects laptops in the EliteBook, ProBook, Pavilion and Envy ranges, among others. HP has issued a full list of affected devices, dating back to 2012.

Original article from BBC. 

 

This is not the first time. The concerns I have is that this is an issue from models that are not only top of their line but also launched nearly 5 years ago in 2012. 

 

Also, is there a way to check the synaptics drivers this came along with? There are so many other laptops that use the same driver. Could it be possible that laptops by other manufacturers also have the same "additional" feature?