HP laptops have been blighted by another keylogger (following the discovery of one in the firm’s notebooks earlier this year), with the issue affecting almost 500 devices – and it could even affect other manufacturers’ portables.
A keylogger is capable of stealthily recording everything the user types on the keyboard (like logins and passwords), so this is clearly a major problem. Security researcher Michael Myng made the discovery, with the security flaw nestled deep in the Synaptics Touchpad driver.
The keylogger is turned off by default, but can be enabled by modifying a registry value. Apparently it was put in there as part of debugging functionality, but should (obviously) have been stripped out for the production driver.
HP acted quickly to patch the problem, and listed the affected laptops, which number around 460 models. They include HP Envy, Omen, Pavilion, Spectre, Stream, EliteBook, ProBook, ZBook models and more. Check here for the full list, and the relevant updated driver you should download and install to cure the problem.
More notebooks affected?
HP noted: “A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impacts all Synaptics OEM partners. A party would need administrative privileges in order to take advantage of the vulnerability. Neither Synaptics nor HP has access to customer data as a result of this issue.”
As observed, this issue could affect other manufacturers’ laptops which have the same Synaptics Touchpad driver, if they haven’t already been patched. So if you have a Synaptics touchpad on a non-HP laptop, it’s worth keeping your eyes peeled for any news of an issue (and indeed a fix if that’s the case).
It’s really not been a good year for HP given that the firm was also hit by a keylogger buried in a Conexant audio driver back in May. And at the end of last month, there was the whole fracas about alleged spyware installed on HP laptops in the form of the firm’s own Touchpoint Analytics service.