When it comes to pre-installed malicious software, HP (Hewlett-Packard) has a thing for them. In May this year, the tech giant was in the news after security researchers found a pre-installed keylogger in HP machines.
Now, a researcher going by the online handle of “Zwclose” has identified the presence of yet another keylogger in HP laptops providing an easy way for attackers to track every keystroke and steal personal and financial data of HP users.
The keylogger was detected in HP keyboard driver SynTP.sys (Synaptics Touchpad Driver), a part of a touchpad utility program that runs in the background and is activated once the application that houses it is launched on HP laptops.
“The keylogger saved scan codes to a WPP trace. The logging was disabled by default but could be enabled by setting a registry value (UAC) required),” explained Zwclose.
The location for the registry key according to the researcher is:
HKLM\Software\Synaptics\%ProductName% HKLM\Software\Synaptics\% ProductName%\Default
Zwclose disclosed his findings to HP last month who acknowledged the presence of keylogger and maintained that it was “a debug trace” left accidentally. However, the good news is that HP has got rid of it and issued the following statement:
“A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impact all Synaptics OEM partners. A party would need administrative privileges in order to take advantage of the vulnerability. Neither Synaptics nor HP has access to customer data as a result of this issue.”
HP users can follow this link to HP support site and find the list of affected models and download patched drivers.
