Home News HP laptops have keylogger attached to their Synaptics Touchpad driver

HP laptops have keylogger attached to their Synaptics Touchpad driver

by Harikrishna Mekala

The keylogging code was embedded in the SynTP.sys file, which is a module of the Synaptics Touchpad driver that ships with HP notebook models.

“The logging was disabled by default but could be permitted by setting a registry value,” said a security researcher going by the Title of ZwClose, who identified the flaw earlier this year.

That registry key is:

HKLM\Software\Synaptics\%ProductName% HKLM\Software\Synaptics\%ProductName%\Default

Malware devs can use this registry key to enable the keylogging function and spy on users using native kernel-signed tools, undetectable by security products. All they have to do is to avoid a UAC prompt when changing the registry key. There are tons of methods of bypassing UAC prompts currently available.

“The keylogger saved scan keys to a WPP trace,” said ZwClose. WPP software copy is a technique used by app developers and is meant for debugging code during development.

After reporting the issue, the researcher said HP devs honestly admitted the keylogging code was a leftover from debugging settings and “released an update that removes the trace.”

This is not the first time HP engineers have forgotten debugging code inside a driver. The same thing appeared in May when they left related keylogging code inside an audio driver.

HP published a list of affected notebooks. The list is 475 models-long and adds 303 consumer notebooks and 172 business notebooks, mobile thin clients, and mobile workstations. Affected model lines include HP’s 25*, mt**, 15*, OMEN, ENVY, Pavilion, Stream, ZBook, EliteBook, and ProBook series, along with several Compaq models.

Take your time to comment on this article.

You may also like