Keylogger found in HP Notebook models
Earlier this year, we reported that the audio driver pre-installed on several Hewlett-Packard (HP) laptops contained built-in keylogger code that recorded all of a user’s keystrokes and stored the information, such as usernames, passwords and personal information, in a human-readable file. To rectify this, HP rolled out patches to remove the keylogger, which also deleted the log file containing the keystrokes.
Now, a security researcher named ‘ZwClose’ claims to have discovered a similar built-in keylogger issue in several HP laptops that allows hackers to record every keystroke of the user and steal sensitive data, including passwords, account information, and credit card details.
More than 460 HP Notebook models were reported to be exposed to exploitation by hackers because of a keylogger present in the SynTP.sys file, which is part of the Synaptics Touchpad driver that ships with some HP notebook models.
Even though the keylogger component is disabled by default, it could be enabled “by setting a registry value” using open source tools available for evading User Account Control (UAC).
Given below is the location of the registry key:
The researcher notified HP of the keylogger component last month. The company confirmed its presence, saying that it was basically “a debug trace” that was left in unintentionally and has now been removed.
In its advisory, HP described the keylogger as a potential, local loss of confidentiality. “A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impact all Synaptics OEM partners.
“A party would need administrative privileges in order to take advantage of the vulnerability. Neither Synaptics nor HP has access to customer data as a result of this issue.”
The company has released a driver update to remove the debugging code for all the affected HP Notebook models. A list of all affected HP laptops and their patches has also been published.
ZwClose also published a technical analysis of the SynTP.sys file and the keylogger code for security researchers and software developers.
Source: The Hacker News