HP’s second laptop keylogger in less than a year


The HP laptop keylogger

Researcher Michael Myng was trying to work out how to control the backlight on an HP laptop keyboard.

What he found instead was that the keyboard driver used by 475 models of HP laptops contained a secret keylogger, capable (potentially) of stealing passwords and other confidential information.

The news made for some pretty scary headlines, and - as I discussed in a past episode of the “Smashing Security” podcast - it’s not the first time that a hidden keylogger on HP devices has caused eyebrows to be raised.

But, before you get too alarmed, bear this in mind. The keylogger in the HP Synaptics Touchpad driver (SynTP.sys) was not enabled by default.

It looks like, once again, debugging code was contained in a keyboard driver shipped by HP. To turn on the debug “feature” a user with admin privileges would have to make a change to the Windows registry, whereupon keystrokes would be logged to a local file.

Not a great scenario, but also not as bad as it being enabled by default, or your keypresses being beamed to a server under the control of HP or Synaptics.

HP has issued a security advisory, and pushed out updates to fix the potential security issue.

Of course, you should ensure that any affected devices are patched as soon as possible and, if you’re a developer, learn the lesson not to leave debug code lurking within your shipping code if it might put users’ privacy and security at risk.

And, if you really feel you do need to be seriously disgruntled about something, feel angry that HP has now made the same mistake twice in less than a year. That’s certainly something worthy of turning your CAPS-LOCK on for.


3 Responses

  1. Spryte

    December 13, 2017 at 11:16 am #

    HP has issued a security advisory, and pushed out updates to fix the potential security issue.

    There was a public advisory to the tech media but there was NO mention of it in my HP Support Assistant and neither were there any Pushed updates.

    I eventually did find the fix on the HP site but that was a long and arduous process.

  2. Johan

    December 13, 2017 at 12:33 pm #

    Time to swap to another operating system?

  3. drsolly

    December 15, 2017 at 12:23 am #

    my caps lock key is disabled in software.
