Keylogger found in Synaptics driver on HP laptops

Get a copy of the upcoming book "Secure Operations Technology"

For the second time this year, a security researcher unearthed a keylogger in a driver used on a number of HP laptops.

keylogger Synaptics driver HP laptops

The first time was earlier this year, when Swiss security firm modzero AG discovered a keylogger in Conexant HP audio drivers that stored records of keystrokes in a file in the public folder, unencrypted.

This time, the keylogger was spotted by security researcher Michael Myng (aka “ZwClose”) while rifling through the Synaptics Touchpad SynTP.sys keyboard driver.

“The keylogger saved scan codes to a WPP trace. The logging was disabled by default but could be enabled by setting a registry value (UAC required),” he noted.

Setting the required registry value can be easily performed by malware (e.g. remote access Trojans), which can then use the keylogger to harvest sensitive information entered by the user.

Myng reported his finding to HP. “They replied terrifically fast, confirmed the presence of the keylogger (which actually was a debug trace) and released an update that removes the trace,” he shared.

This was almost a month ago. HP made sure to note that “neither Synaptics nor HP has access to customer data as a result of this issue.”

Over 460 HP laptop models were affected by the flaw (the complete list is given in the security advisory).

But, according to HP, the issue affects all Synaptics OEM partners, so hopefully other laptop makers will push out update soon – if they haven’t already.