Hundreds of HP laptops have been found to have hidden keylogging code

By Koh Wanzi - on 13 Dec 2017, 10:44am

A security researcher has found a hidden keylogger in a touchpad driver commonly used on HP laptops.

Michael Myng, who also goes by the handle ZwClose, was initially just exploring the possibility of controlling the keyboard backlighting on a friend’s HP laptop. But after poking around in the Synaptics touchpad driver, he found what looked to be a sleeping keystroke logger that could be activated by a simple change in the Windows registry.

The keylogger is disabled by default and is supposedly included for debugging purposes during development, so it’s not that HP or anyone else was trying to actively monitor your keystrokes.

The problem is that it could be exploited by malicious actors to obtain log-in credentials or other sensitive data. A user or software with administrative privileges could activate the keylogger remotely using Windows Management Instrumentation (WMI) or PowerShell scripts, and have it generate a trace log file.

The code is also found on hundreds of HP and Compaq business and consumer notebooks, including models in the EliteBook, ProBook, Pavilion, and Envy lines.

HP has released a full list of the affected devices (it stretches back to 2012), so you might want to check it out if you own an HP laptop. The same driver is also used on Windows laptops from other brands and these are affected as well, according to HP.

The company has already made available patched drivers for its many laptops, and it stressed that neither it nor Synaptics had obtained customer data because of the keylogger.

A similar keylogger was found in audio drivers pre-installed on HP laptops in May, so this isn’t the first time the company has run foul of keyloggers.

Source: ZwClose