Η hp έχει μια πολύ άσχημη προϊστορία στους “κατά λάθος” εγκατεστημένους keyloggers στους φορητούς υπολογιστές των πελατών της.
At least twice this year, the laptops of HP were found to have pre-installed keylogger or spyware applications.
First came one tweet by security researcher ZwClose who allegedly found built-in keyloggers on several HP laptops.
Later he published his findings.
Security researcher ZwClose has discovered a keylogger on various Hewlett-Packard (HP) laptops that could allow hackers to record every click of their keys and steal sensitive data such as passwords, account information, and credit card details .
Keylogger was incorporated into the SynTP.sys file, a part of the Synaptics Touchpad driver that comes with HP notebooks, leaving more than 460 HP notebook notebooks vulnerable to hackers.
Although the keylogger is disabled by default, malicious users could use available open source tools to bypass User Account Control (UAC) to enable the built-in keylogger "by setting a value registeruh.”
The location of the key:
- HKLM \ Software \ Synaptics \% ProductName%
- HKLM \ Software \ Synaptics \% ProductName% \ Default
Ο ερευνητής ανέφερε τον keylogger στην HP τον περασμένο μήνα και η εταιρεία αναγνώρισε την παρουσία του, λέγοντας ότι ήταν στην πραγματικότητα ένα “debug trace” το οποίο αφέθηκε τυχαία, αλλά τώρα έχει αφαιρεθεί.
"A potential security vulnerability has been identified with some Synaptics touchpad driver versions that affect all Synaptics OEM partners", Says HP in Advisory which he issued, calling the keylogger as a possible local loss of confidentiality.
"The party would need administrator rights to exploit the vulnerability. "Neither Synaptics nor HP have access to our customer data on this issue."
The company released an updated version drivers για όλα τα μοντέλα Notebook HP που επηρεάζονται. Έτσι αν usest HP laptop, it is better to install the updates available for your model. The list of affected HP models is available at HP support page.
As mentioned before, it is not the first time Found on HP laptops. In May of this year, an embedded keylogger was found in an HP audio driver that could record all user keystrokes and store them in a file that was readable by humans.