Sunday, December 11th 2016

HP Laptops Shipped with Hidden Keylogger

Michael Myng, more commonly known as ZwClose, was approached by a friend to look into the possibility of controlling the keyboard's backlighting on his HP laptop. Michael was down for the challenge, and his friend sent the Synaptics SynTP.sys file over to him. After analyzing the keyboard driver, he found the sleeping keylogger. The logging function is disabled by default. However, intruders can enable it easily by modifying the registry value through malicious code. Michael reported the issue to HP, and the company released a list of the affected laptop models along with a security patch. The list contains over 400 models from HP's most popular product lines like the EliteBook, ProBook, ZBook, Spectre Pro, ENVY, Pavilion, OMEN - just mention a few. Now that the vulnerability is public, we urge HP laptop owners to install the security patch ASAP. The fix is also available on Windows Update if that's your preferred method.
Sources: ZwClose, HP
Add your own comment

15 Comments on HP Laptops Shipped with Hidden Keylogger

#2
Reeves81x
and when i try to download the patch i get this...
Your Internet access is blocked
Firewall or antivirus software may have blocked the connection.
Try:ERR_NETWORK_ACCESS_DENIED

right click and save gives me a network error. Nice.
Posted on Reply
#3
GoldenX
There is also the HP Touchpoint Analytics Client, a silent telemetry software auto installed without permission.
Posted on Reply
#4
DaSmith
No surprise. However, if you are using Windows 10 and/or Google, Facebook you are already being watched. Nothing unusual. :D
Posted on Reply
#5
GoldenX
Also Intel, AMD, Nvidia, Apple, etc...
Posted on Reply
#6
john_
HP will be on the news for all the (same over and over again) wrong reasons.
Posted on Reply
#7
xkm1948
Next up, laptop shipped with crypto mining softwares.
Posted on Reply
#8
GoldenX
Don't say things like that near a Lenovo.
Posted on Reply
#9
remixedcat
HP2000 is it on the list. I am hesitant to go on HP's sites lately after they became the only site ever to ENTIRELY CRASH SLIMJET/CHROMIUM
Posted on Reply
#10
R-T-B
xkm1948 said:
Next up, laptop shipped with crypto mining softwares.
Impossible unless they upgrade the cooling systems signifigantly. There's a reason no one mines on a laptop (fire hazard).
Posted on Reply
#11
lexluthermiester
DaSmith said:
No surprise. However, if you are using Windows 10 and/or Google, Facebook you are already being watched. Nothing unusual. :D
Microsoft? Yes. Google and Facebook do not use keystroke logging.

None of this is ok. That patch is hopefully removing the offending code instead of locking it down a little more, only to be unlocked later..
Posted on Reply
#12
Katanai
I just don't understand how people can take this shit nowadays. If half the stuff that happens today happened in the 90's there would be freaking riots over this. Today it's just like: yeah let's bend over and take it...
Posted on Reply
#13
GoFigureItOut
As long as you don't install the Synaptic drivers you're good, right? I stopped using them after I noticed the mouse pointer would behave erratic. I'd be scrolling to the left, and it would suddenly jump to the right half-way across the screen.
Posted on Reply
#15
lexluthermiester
yeeeeman said:
Who cares?
If you don't immediately understand why keystroke logging is a problem, any effort made to explain would be a waste.
Posted on Reply
Add your own comment