HP has a very bad history of "accidentally" keyloggers being installed on its customers' laptops.
Τουλάχιστον δύο φορές αυτό το έτος, οι φορητοί υπολογιστές της HP βρέθηκαν να έχουν προεγκατεστημένες εφαρμογές keylogger or spyware.
First came one tweet by security researcher ZwClose who allegedly found built-in keyloggers on several HP laptops.
Later he published his findings.
Security researcher ZwClose discovered a keylogger on several of her laptops Hewlett-Packard (HP), which could allow hackers to record your every keystroke and steal sensitive data such as passwords access, account information and credit card information.
The keylogger was found embedded in the SynTP.sys file, a part of the Synaptics Touchpad driver that ships with HP laptops, leaving more than 460 models HP notebooks vulnerable to hackers.
Although keylogger is disabled by default, malicious users could use available open source tools to bypass User Account Control (UAC) to enable built-in keylogger by "setting a registry value."
The location of the key:
- HKLM \ Software \ Synaptics \% ProductName%
- HKLM \ Software \ Synaptics \% ProductName% \ Default
The researcher reported the keylogger to HP last month and the company acknowledged his presence, saying it was in fact a "debug trace" that was accidentally released but has now been removed.
"A potential security vulnerability has been identified with some Synaptics touchpad driver versions that affect all Synaptics OEM partners", Says HP in Advisory which he issued, calling the keylogger as a possible local loss of confidentiality.
"The party would need administrator rights to exploit the vulnerability. "Neither Synaptics nor HP have access to our customer data on this issue."
The company has released an updated version of drivers for all affected HP Notebook models. So if you are using an HP laptop, you better install them updates available for your model. The list of affected HP models is available at HP support page.
As mentioned before, it is not the first time Found on HP laptops. In May of this year, an embedded keylogger was found in an HP audio driver that could record all user keystrokes and store them in a file that was readable by humans.
