HP has a very bad history of "accidentally" keyloggers being installed on its customers' laptops.
At least twice this year, HP laptops were found to have pre-installed keylogger or spyware applications.
First came one tweet by security researcher ZwClose who allegedly found built-in keyloggers on several HP laptops.
Later he published his findings.
Security researcher ZwClose has discovered a keylogger on various Hewlett-Packard (HP) laptops that could allow hackers to record every click of their keys and steal sensitive data such as passwords, account information, and credit card details .
Keylogger was incorporated into the SynTP.sys file, a part of the Synaptics Touchpad driver that comes with HP notebooks, leaving more than 460 HP notebook notebooks vulnerable to hackers.
Although keylogger is disabled by default, malicious users could use available open source tools to bypass User Account Control (UAC) to enable built-in keylogger by "setting a registry value."
The location of the key:
- HKLM \ Software \ Synaptics \% ProductName%
- HKLM \ Software \ Synaptics \% ProductName% \ Default
The researcher reported the keylogger to HP last month and the company acknowledged his presence, saying it was in fact a "debug trace" that was accidentally released but has now been removed.
"A potential security vulnerability has been identified with some Synaptics touchpad driver versions that affect all Synaptics OEM partners", Says HP in Advisory which he issued, calling the keylogger as a possible local loss of confidentiality.
"The party would need administrator rights to exploit the vulnerability. "Neither Synaptics nor HP have access to our customer data on this issue."
The company released an updated drivers for all affected HP Notebook models. So if you use an HP laptop, it is better to install the updates available for your model. The list of affected HP models is on HP support page.
As mentioned before, it is not the first time Found on HP laptops. In May of this year, an embedded keylogger was found in an HP audio driver that could record all user keystrokes and store them in a file that was readable by humans.