HP releases Synaptics driver update that removes disabled keylogger

HP released updates for Synaptics touchpad drivers recently for HP notebooks that removes a disabled keylogger from the driver.

Again, HP? A security researcher disclosed on GitHub that he discovered a keylogger in the keyboard driver of HP notebooks. While deactivated by default, anyone with elevated access to the machine could enable the logging of keyboard input by setting Registry values.

The discovery happened by accident according to the researcher as he was analyzing the keyboard driver to find out how the keyboard's backlit was controlled. A check in IDA, a cross-platform disassembler and debugger revealed a format string for a keylogger. Further analysis confirmed the assumption, and that the keylogger was not active by default.

It did however check locations in the Registry, and the researcher assumed that the correct values would activate the keylogger on the device. Assumed, because it was not possible to test the theory without a HP notebook that had the driver installed.

The Registry locations are:

• HKLM\Software\Synaptics\SynTP
• HKLM\Software\Synaptics\SynTP\Default
• HKLM\Software\Synaptics\PointerPort
• HKLM\Software\Synaptics\PointerPort\Default

HP did confirm the issue when contacted about it though and stated that it was a debug trace. The company released a list of affected notebooks and driver updates for these notebooks that resolve the issue by removing the trace from the driver.

HP customers who use one of the affected notebooks are asked to download the updated driver and install it on machines affected by the issue. The HP support page lists business and consumer notebooks affected by the issue.

Affected notebooks include HP G4, G5 and G6 devices, EliteBook and Elitebook Folio devices, HP mt* thin clients, HP ProBook laptops , HP zBook mobile workstations, various Compaq notebooks, HP 15* and HP17* notebooks, HP ENVY devices, and HP Pavilion and Omen devices.

Basically, if you own a HP notebook or use one at work, search for it on the HP support page to find out if a driver update for it is available.

According to the researcher, the update is also distributed via Windows Update.

This is not the first issue of its kind that HP had to deal with this year. In April, researchers discovered a vulnerability in HP audio drivers that recorded all keystrokes made by the user and reacted to functions concerning the microphone, and dumped the data in a publicly accessible folder in the file C:\Users\Public\MicTray.log.

HP has been in the news last month as well when customers of HP products started to report signs of a Telemetry service.

Closing Words

I'm not sure what to make of all of this. It is bad quality controlling over at HP that is causing all these issues?

Now You: Are you affected by the issue? What's your take on this?