HP Includes a Keylogger with Their Laptops

DooKey

[H]F Junkie
Joined
Apr 25, 2001
Messages
13,500
It appears that HP includes a keylogger with their laptops that they say was used by the Synaptics software for debug purposes. Michael Myng, the researcher who discovered the keylogger, says it is disabled by default but could be turned on by an attacker that gets access to the machine. HP has issued a patch to remove this, but be aware this vulnerability affects machines dating back to 2012. You can check out Myng's blog entry here. Here's the full list of affected devices.

According to HP, it was originally built into the Synaptics software to help debug errors. It acknowledged that could lead to "loss of confidentiality" but it said neither Synaptics nor HP had access to customer data as a result of the flaw.
 
Pretty sure it was sold to decision makers without mention of this as a use for the software. At least they fixed it right away. Lenovo....
 
So they sold you a house and left a key under the front mat for anyone smart enough to find it, hmm.
 
I swear I read about this like 2 or 3 months ago. Its part of a driver suit that they use.
 
I swear I read about this like 2 or 3 months ago. Its part of a driver suit that they use.

Yeah well now the list of affected devices is longer, and there is a patch to disable from HP, which is different than last go round.
 
I swear I read about this like 2 or 3 months ago. Its part of a driver suit that they use.

I think that was an audio driver. I had to go out and update the driver on a bunch of ProBook 430 units. This time I'm ok, since I'm not using HP's Synaptics driver with Microsoft's Deployment Tool...at least until Lenovo says THEIR drivers are messed up too!
 
At a company I worked at long ago, we basically had a keylogger built into some of our software. I think you just had to start up a process with a -D flag to put it into debug mode. It wrote everything out to a text file which you would share with support. I do recall it had plain text users/passwords. Ironically, this was part of the security suite we sold...oops. I know that was removed at some point after clients found out about it.
In our case, I think tech support added this while working on a customer issue and somehow the change slipped through the cracks and entered production code. To their credit, they did institute real build practices after a few incidents like this occurred.
 
I think that was an audio driver. I had to go out and update the driver on a bunch of ProBook 430 units. This time I'm ok, since I'm not using HP's Synaptics driver with Microsoft's Deployment Tool...at least until Lenovo says THEIR drivers are messed up too!
Sounds like a lot of drivers they installed have this hidden in it.....
 
if an attacker gets access to the machine, this little piece of software is the least of your concerns

LOL
You are missing the point.
An attacker has to do very little to gain access to information that can strip your bank account bare and put you into a huge credit black hole.
The software to grab this data is already installed, has been whitelisted and is running.
All they need do is redirect the keylogger output to an IP address.
Its far more likely they will remain undetected when most of the groundwork is already done.
 
With an ssd and staying current on my elitebook folio win 10 is buttery smooth.

Just use softpaq updater and no problems.

I must be part unicorn to have had so few issues.

Its even on older 9470m.
 
This is the part where it all goes horribly wrong...in 5...4...3...2...
 
Back
Top