HP Laptops Found To Have Hidden Keylogger (bbc.com)
Hidden software that can record every letter typed on a computer keyboard has been discovered pre-installed on hundreds of HP laptop models, BBC reported on Monday citing the findings of a security researcher. From the report: Security researcher Michael Myng found the keylogging code in software drivers preinstalled on HP laptops to make the keyboard work. HP said more than 460 models of laptop were affected by the "potential security vulnerability." It has issued a software patch for its customers to remove the keylogger. The issue affects laptops in the EliteBook, ProBook, Pavilion and Envy ranges, among others. HP has issued a full list of affected devices, dating back to 2012. Mr Myng discovered the keylogger while inspecting Synaptics Touchpad software, to figure out how to control the keyboard backlight on an HP laptop. He said the keylogger was disabled by default, but an attacker with access to the computer could have enabled it to record what a user was typing. According to HP, it was originally built into the Synaptics software to help debug errors. It acknowledged that could lead to "loss of confidentiality" but it said neither Synaptics nor HP had access to customer data as a result of the flaw.
but it said neither Synaptics nor HP had access to customer data as a result of the flaw.
It is like Yale announcing that its locks, made since 1929, could be opened by any pentalobulous screw driver, but neither Yale, nor the screwdriver maker, got any share of the loot taken by any burglar taking advantage of the flaw.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
How do you end up with an attacker that can write to your registry (and also read your log files) but can't just install their own keylogger?
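The summary says the logging code ships disabled and that someone with access to the machine would have to switch it on, and the comment above asks about an attacker who can write to the registry and read the log. The script below is an added example, not code from the article, HP, Synaptics or the researcher, of how a defender would audit a fleet for exactly that kind of debug switch: is the flag set, who is allowed to set it, and is a trace log accumulating on disk. The registry path, value name and log-file pattern are placeholders, since the article names none of them; substitute the ones from the vendor advisory for your model. It only detects; the remediation is the vendor patch the article mentions.

```powershell
# Added audit script (not HP's, Synaptics' or the researcher's code).
# Checks for a driver debug-logging switch of the kind the article describes:
# a registry value that turns keystroke tracing on, and a trace log on disk.
# PLACEHOLDER values below must be replaced with those from the vendor advisory.
[CmdletBinding()]
param(
    [string]   $DebugRegistryPath = 'HKLM:\SOFTWARE\PLACEHOLDER_VENDOR\PLACEHOLDER_DRIVER',
    [string]   $DebugValueName    = 'PLACEHOLDER_TRACE_FLAG',
    [string[]] $LogSearchRoots    = @($env:ProgramData, "$env:SystemRoot\Temp"),
    [string]   $LogFilePattern    = 'PLACEHOLDER_trace*.log'
)

$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Check, [string]$Severity, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Check = $Check; Severity = $Severity; Detail = $Detail })
}

# 1. Is the debug switch present, and is it non-zero (logging enabled)?
if (Test-Path -Path $DebugRegistryPath) {
    $props = Get-ItemProperty -Path $DebugRegistryPath -ErrorAction SilentlyContinue
    $flag  = $props.$DebugValueName
    if ($null -eq $flag) {
        Add-Finding 'DebugFlag' 'Info'   "$DebugValueName not set (logging off, the shipped default)"
    } elseif ("$flag" -ne '0') {
        Add-Finding 'DebugFlag' 'High'   "$DebugValueName = $flag (keystroke tracing is ENABLED)"
    } else {
        Add-Finding 'DebugFlag' 'Medium' "$DebugValueName = 0 (present but off; someone created it)"
    }

    # 2. Who may flip the switch? Write access for anything other than the
    #    usual privileged principals changes the impact assessment: an
    #    unprivileged process could then enable logging.
    $writeRights = [System.Security.AccessControl.RegistryRights]::SetValue -bor
                   [System.Security.AccessControl.RegistryRights]::WriteKey -bor
                   [System.Security.AccessControl.RegistryRights]::FullControl
    $acl = Get-Acl -Path $DebugRegistryPath
    foreach ($rule in $acl.Access) {
        # Comparison binds tighter than -band in PowerShell, hence the parentheses.
        $canWrite = ($rule.AccessControlType -eq 'Allow') -and
                    (($rule.RegistryRights -band $writeRights) -ne 0)
        $id = $rule.IdentityReference.Value
        if ($canWrite -and $id -notmatch 'SYSTEM|Administrators|TrustedInstaller|CREATOR OWNER') {
            Add-Finding 'KeyAcl' 'High' "$id can write $DebugRegistryPath"
        }
    }
} else {
    Add-Finding 'DebugFlag' 'Info' "$DebugRegistryPath not present (driver absent or patched)"
}

# 3. Is a trace log on disk, and has it been written to recently?
foreach ($root in $LogSearchRoots) {
    if (-not (Test-Path -Path $root)) { continue }
    Get-ChildItem -Path $root -Filter $LogFilePattern -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sev = if ($_.LastWriteTime -gt (Get-Date).AddDays(-1)) { 'High' } else { 'Medium' }
            Add-Finding 'TraceLog' $sev "$($_.FullName): $($_.Length) bytes, last written $($_.LastWriteTime)"
        }
}

$findings | Sort-Object Severity | Format-Table -AutoSize
# Non-zero exit when anything High was found, so a fleet scan can gate on it.
if ($findings | Where-Object Severity -eq 'High') { exit 1 }
```

Run it elevated, since the key lives under HKLM and the log roots are system directories. The ACL check is what answers the question in the comment above: if only SYSTEM and Administrators can set the value, enabling it already requires the privileges needed to install any keylogger; if a broader group can, the shipped switch is a cheaper path than bringing a tool along, and that is worth knowing before deciding how urgently to deploy the patch.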
This is one of the reasons I really liked the preprocessor in C. I miss #IF DEBUG / #ENDIF.
Wouldn't someone able to access the device and enable the keylogger be instead able to, you know, install a keylogger?
Hype.
Each and every recent Intel Core-i with ME can have a very hidden key logger running in the ME the whole day, and even sending them out on the NIC. Say NO to hidden "security" backdoor processors, and "military grade" *lol* trust zones, ....
Just like the things we saw with the networking folks, another vendor says "oops, look at this surveillance tool we just happened to have left in our production stack that we've been putting on all our machines for years." Time for someone to look at Dell and see if they've made the same "mistake".
So an attacker with access to the computer could turn on HP's built-in keylogger.
Couldn't that same attacker with access to the computer install and turn on his own keylogger, which is probably to his preference because it works with the rest of his toolkit seamlessly on any model of computer instead of just on HPs?
So, what's the impact exactly?
This reminds me of promiscuous mode on ethernet interfaces. Debugging tool with security implications that is turned off by default. Useful. Not a big deal. Useful in fact for spotting hackers, because they might turn it on and not hide it. You notice your interface is in promiscuous mode? You know something is up.
I just can't get worked up about this. It's like they just left some debugging tools around, and yes, nearly any debugging tool can be turned to evil uses, but so can the OS itself if it's been compromised by "a local attacker".
You already installed win10, which comes with a built-in Microsoft keylogger, among other monitoring implements that call home. Your worry is like worrying about getting wet from crying after your ship sank and you're floating in the ocean.