Some HP laptops are hiding a deactivated keylogger
Researcher Michael Myng discovered a deactivated keylogger in a bit of software program discovered on over 460 HP laptop computer fashions. A full checklist of affected laptops is right here. The keylogger is deactivated by default however might signify a privateness concern if an attacker has bodily entry to the pc.
“Some time ago someone asked me if I can figure out how to control HP’s laptop keyboard backlight,” wrote Myng. “I asked for the keyboard driver SynTP.sys, opened it in IDA, and after some browsing noticed a few interesting strings.”
The strings led to one thing that seemed to be a hidden keylogger – a program that sends typed characters to an attacker – in a Synaptics machine driver. On condition that the decompiled code ready and despatched key presses to an unnamed goal, Myng was pretty sure he had one thing fascinating on his arms.
Fortunately, HP responded shortly.
“I tried to find HP laptop for rent and asked a few communities about that but got almost no replies,” he mentioned. “One guy even thought that I am a thief trying to rob someone. So, I messaged HP about the finding. They replied terrifically fast, confirmed the presence of the keylogger (which actually was a debug trace) and released an update that removes the trace.”
The underside line? Replace your HP laptop computer as quickly as potential. In case you are on HP’s checklist of affected laptops you’ll be able to obtain the repair right here.