Hundreds of laptop models from HP shipped with keyloggers, again

If HP needs ideas on a New Year's resolution, how about no more keyloggers in 2018? We bring this up because as 2017 comes to a close, HP is once again issuing a patch to address keylogging code found in preinstalled software drivers on some of its laptops.

The last time this happened, it was related to a Conexant audio driver on dozens of laptop models. This time it has to do with the keyboard and touchpad, and it affects 460 laptop models dating back to 2012.

Security researcher Michael Myng discovered the hidden keylogger when someone asked him if he could figure out a way to control HP's keyboard backlight. 

"I asked for the keyboard driver SynTP.sys, opened it in IDA and after some browsing noticed a few interesting strings," Myng explains.

Those "interesting strings" turned out to be a dormant keylogger that is disabled by default. However, an attacker with access to an affected model could enable it to record a user's keystrokes.

"A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impacts all Synaptics OEM partners. A party would need administrative privileges in order to take advantage of the vulnerability. Neither Synaptics nor HP has access to customer data as a result of this issue," HP stated in a security bulletin.

Some of the affected models include HP's EliteBook, Pavilion, ProBook, ZBook, Envy, and Spectre. Many older Compaq models are on the list as well.

There are separate updates available for the many different models. You will need your laptop's model number to grab the right one. Once you have that, scroll down the security bulletin until you find your model and download the accompanying update.