“Interesting” code
ZDNet reports the potential security risk was found by Michael Myng, known online as “ZwClose.” In a technical blog post, Myng explained how he came across the suspicious code while researching how to control the keyboard backlight on HP laptops. The keylogger is hidden inside the Synaptics driver for the touchpad and keyboard.
While investigating the contents of the driver, Myng noticed “a few interesting strings” that pointed to the existence of a keylogger. After decompiling the code into a readable form, the researcher was able to confirm the presence of the software and understand its operation. The keylogger was found to be disabled by default but it’s possible to turn it on using a registry key.
The inclusion of a preinstalled keylogger means HP laptop owners could be put at risk of attack. HP said the keylogging is designed to be used during a debugging backtrace, allowing the company to inspect what’s gone wrong in a program. However, criminals with nefarious intentions could create malware that turns the keylogger on, enabling them to record a user’s actions on their machine.
Fast response
Myng was unable to verify the keylogger’s functionality because he didn’t have access to an HP laptop. After failing to secure a machine to test the code on, he reached out to HP directly to report his findings. The company responded “terrifically fast,” acknowledging the presence of the keylogger and releasing an update that removes it from end user machines.
“I tried to find HP laptop for rent and asked a few communities about that got almost no replies. One guy even thought that I am a thief trying to rob someone,” Myng wrote. “So, I messaged HP about the finding. They replied terrifically fast, confirmed the presence of the keylogger (which actually was a debug trace) and released an update that removes the trace.”
READ NEXT: Apple patches HomeKit flaw that let hackers unlock smart devices
In a comment on his blog post, Myng said the new file is over 25 percent smaller than the version that contains the keylogger. Customers can download the updated driver from HP’s website. It will also be released via Windows Update as an automatic installation for affected machines. Devices in HP’s popular EliteBook, Envy, Pavilion and ProBook lines are amongst those impacted. Over 460 models are affected in total.
The discovery comes just seven months after a similar keylogger was found inside HP’s preinstalled audio drivers. The company said the code had been mistakenly added to the driver and was not intended to be publicly released. In a separate incident last month, HP faced allegations of installing spyware on its consumer computers.
With another privacy scare now following less than a fortnight later, customers could lose trust in HP’s privacy standards. Users should install the new update as soon as possible.
