14 DAY TRIAL // HP has recently come under fire for allegedly bundling a keylogger into its drivers, allowing the company or cybercriminals who could hijack it to record every keystroke of the user.
But Synaptics, the company that builds and provides TouchPads for HP and other OEMs on the market, says the keylogger in question isn’t actually a keylogger, as it was implemented solely with the purpose of serving as a debug tool.
In a security brief published recently, Synaptics says HP isn’t the only company that offers drivers with this debug tool included by default, but all OEMs featuring its hardware.
“Each notebook OEM implements custom TouchPad features to deliver differentiation. We have been working with these OEMs to improve the quality of these drivers. To support these requirements and to improve the quality of the experience, Synaptics provides a custom debug tool in the driver to assist in the diagnostic, debug and tuning of the TouchPad. This debug feature is a standard tool in all Synaptics drivers across PC OEMs and is currently present in production versions,” the firm says.
Debug tool removed from driver updates
However, the debug tool was turned off after production and before shipment, the company continues, so users should be secure, though it’s been demonstrated that it can be re-activated and used for more malicious practices.
Synaptics explains it’s not aware of any breach of security caused by or related to this debug tool, adding that given the concerns regarding the software it decided to remove it completely from its drivers.
“Synaptics will take the precautionary steps of defeaturing the debug tool for production drivers to further prevent the tool from being used in an unintended and malicious way. Synaptics would like to apologize for any concerns that our debug tool may have raised,” the company said.
The firm says its debug tool has a security risk of 2 out of 10 and it is now working with PC partners to ship updated drivers that do not include this functionality.