December 11, 2017

Security Researcher Discovers Pre-Installed Keylogger In Hundreds Of HP Laptop Models

Do you own an HP laptop? Then it may be silently recording everything you are typing on your keyboard. Yes, a security researcher named ZwClose discovered a keylogger in several Hewlett-Packard (HP) laptops that could allow hackers to record your every keystroke and steal sensitive data, including passwords.



The keylogger, which was actually a debug trace, has been identified in certain versions of the Synaptics touchpad drivers that ship with HP notebook computers, leaving more than 460 HP Notebook models vulnerable to hackers.

The security researcher was looking into the driver to see if he could adjust the backlighting of HP laptop keyboards. Then, a line in the SynTP.sys keyboard driver caught his attention. More digging showed him that the driver “saved scan codes to a WPP trace” (WPP is the Windows software trace preprocessor).


Although the keylogger component is disabled by default, hackers can make use of available open source tools for bypassing User Account Control (UAC) prompts to enable the built-in keylogger “by setting a registry value.”

Here’s the location of the registry key:



The researcher reported the keylogger component to HP, and the company acknowledged the presence of the keylogger, saying it was actually “a debug trace” which was left in accidentally but has now been removed.

To address the potential security vulnerability, HP has released an update that removes the trace. The list of affected HP models and fixed drivers can be found at the HP Support website. The update is also available via Windows Update.

This is not the first time a keylogger has been found lurking on HP computers. In May this year, HP had to issue a fix after researchers discovered a keylogger monitoring keystrokes in an audio driver package installed on nearly 30 models of HP computers and storing them in a human-readable file.
