Researcher Michael Myng was trying to work out how to control the backlight on an HP laptop keyboard.
What he found instead was that the keyboard driver used by 475 models of HP laptops contained a secret keylogger, capable (potentially) of stealing passwords and other confidential information.
The news made for some pretty scary headlines, and – as I discussed in a past episode of the “Smashing Security” podcast – it’s not the first time that a hidden keylogger on HP devices has caused eyebrows to be raised.
But, before you get too alarmed, bear this in mind. The keylogger in the HP Synaptics Touchpad driver (SynTP.sys) was not enabled by default.
It looks like, once again, debugging code was contained in a keyboard driver shipped by HP. To turn on the debug “feature” a user with admin privileges would have to make a change to the Windows registry, whereupon keystrokes would be logged to a local file.
Not a great scenario, but also not as bad as it being enabled by default, or your keypresses being beamed to a server under the control of HP or Synaptics.
HP has issued a security advisory, and pushed out updates to fix the potential security issue.
Of course, you should ensure that any affected devices are patched as soon as possible and, if you’re a developer, learn the lesson not to leave debug code lurking within your shipping code if it might put users’ privacy and security at risk.
And, if you really feel you do need to be seriously disgruntled about something, feel angry that HP has now made the same mistake twice in less than a year. That’s certainly something worthy of turning your CAPS-LOCK on for.
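For developers, the lesson about debug code comes down to where the switch lives. The sketch below is an added example, not code from HP, Synaptics or the original article, and it contrasts a trace path that ships in the binary behind a runtime flag with one that only exists in debug builds. Every name in it (`debug_flag`, `KBD_DEBUG_TRACE`, the handlers, the sample scancodes) is hypothetical and stands in for the real driver, its registry setting and its log file.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the pattern; none of this is taken from SynTP.sys. */
static uint8_t trace_buf[64];   /* stands in for the debug log sink */
static size_t  trace_len;
static int     debug_flag;      /* stands in for a setting an admin can flip at runtime */

static void trace_byte(uint8_t b) {
    if (trace_len < sizeof trace_buf) trace_buf[trace_len++] = b;
}

/* Weak pattern: the logging code is present in the release binary and
   only a runtime switch keeps it quiet. */
void on_key_runtime_gated(uint8_t scancode) {
    if (debug_flag) trace_byte(scancode);
    /* ... normal key handling would follow ... */
}

/* Hardened pattern: the trace call is compiled in only when the build
   defines KBD_DEBUG_TRACE, so a release build has no logging path that
   a configuration change could turn on. */
#ifdef KBD_DEBUG_TRACE
#define KBD_TRACE(sc) trace_byte(sc)
#else
#define KBD_TRACE(sc) ((void)(sc))
#endif

void on_key_compile_gated(uint8_t scancode) {
    KBD_TRACE(scancode);
    /* ... normal key handling would follow ... */
}

/* Feed constructed scancodes through a handler and report how many
   bytes ended up in the trace sink for a given runtime flag value. */
size_t bytes_traced(void (*handler)(uint8_t), int flag) {
    static const uint8_t sample[] = {0x23, 0x12, 0x26, 0x26, 0x18}; /* constructed */
    trace_len = 0;
    debug_flag = flag;
    for (size_t i = 0; i < sizeof sample; i++) handler(sample[i]);
    return trace_len;
}

int main(void) {
    printf("runtime-gated, flag off: %zu\n", bytes_traced(on_key_runtime_gated, 0));
    printf("runtime-gated, flag on:  %zu\n", bytes_traced(on_key_runtime_gated, 1));
    printf("compile-gated, flag on:  %zu\n", bytes_traced(on_key_compile_gated, 1));
    return 0;
}
```

Built without `-DKBD_DEBUG_TRACE`, as a release build would be, the compile-gated handler records nothing whatever the flag says, while the runtime-gated one starts recording as soon as the flag is set.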