HP Laptops Found To Have Hidden Keylogger (bbc.com)

← Back to Stories (view on slashdot.org)

HP Laptops Found To Have Hidden Keylogger (bbc.com)

Posted by msmash on Monday December 11, 2017 @02:00AM from the you-have-been-warned dept.

Hidden software that can record every letter typed on a computer keyboard has been discovered pre-installed on hundreds of HP laptop models, BBC reported on Monday citing the findings of a security researcher. From the report: Security researcher Michael Myng found the keylogging code in software drivers preinstalled on HP laptops to make the keyboard work. HP said more than 460 models of laptop were affected by the "potential security vulnerability." It has issued a software patch for its customers to remove the keylogger. The issue affects laptops in the EliteBook, ProBook, Pavilion and Envy ranges, among others. HP has issued a full list of affected devices, dating back to 2012. Mr Myng discovered the keylogger while inspecting Synaptics Touchpad software, to figure out how to control the keyboard backlight on an HP laptop. He said the keylogger was disabled by default, but an attacker with access to the computer could have enabled it to record what a user was typing. According to HP, it was originally built into the Synaptics software to help debug errors. It acknowledged that could lead to "loss of confidentiality" but it said neither Synaptics nor HP had access to customer data as a result of the flaw.

24 of 116 comments (clear)

Min score:

Reason:

Sort:

See, they did not leak any data. by 140Mandak262Jamuna · 2017-12-11 00:23 · Score: 5, Insightful

but it said neither Synaptics nor HP had access to customer data as a result of the flaw.
It is like Yale announcing that its locks, made since 1929, could be opened by any pentalobulous screw driver, but neither Yale, nor the screwdriver maker, got any share of the loot taken by any burglar taking advantage of the flaw.

--
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
1. Re:See, they did not leak any data. by rmdingler · 2017-12-11 01:54 · Score: 4, Informative
  
  In case anyone else is curious: It's Pentalobular though, not to place too fine a penta-pedant on it.
  
  --
  Happiness in intelligent people is the rarest thing I know.
  Ernest Hemingway
2. Re:See, they did not leak any data. by Hal_Porter · 2017-12-11 04:49 · Score: 3, Funny
  
  Pentalobular + fabulous = pentalobulous
  Usage :
  "How are we going to open the lock on our cell?"
  "Don't worry I've got my penalobulous screwdriver?"
  
  --
  echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
Airtight hatchway, etc by Anonymous Coward · 2017-12-11 00:26 · Score: 5, Insightful

How do you end up with an attacker that can write to your registry (and also read your log files) but can't just install their own keylogger?
1. Re:Airtight hatchway, etc by TWX · 2017-12-11 02:10 · Score: 5, Insightful
  
  An attacker's own keylogger might well be recognized as malicious and blocked from communicating with the network stack or otherwise blocked by not appearing in a whitelist in a corporate environment. The trusted device driver for the keyboard would probably be whitelisted and since vendor software is usually allowed to talk to the Internet so that it can check for updates, allowed to communicate. With these in-mind, the attacker's own payload to activate the keylogger might make so few changes as to not be recognized for what it is by such security software. Also, if someone were to hack HP or Synaptics' systems they could potentially enable it subtly where it might not be obvious that it has been enabled.
  Additionally those traveling internationally with these laptops where the computer may be 'inspected' by a foreign government could find such a logger enabled and again, the security software on the computer might not recognize that it has happened while it might recognize third-party software. If that government would have a second opportunity to inspect the computer then they could retrieve the contents of the log.
  
  --
  Do not look into laser with remaining eye.
What I miss. by orlanz · 2017-12-11 00:31 · Score: 5, Insightful

This is one of the reasons I really liked the preprocessor in C. I miss #IF DEBUG / #ENDIF.
1. Re:What I miss. by KiloByte · 2017-12-11 01:02 · Score: 5, Interesting
  
  I call bullshit on this "mistake" not being intentional. Their coding practices might be bad for other reasons, but if companies add backdoors left and right, at this point it's reasonable to assume malice rather than stupidity.
  
  --
  The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
2. Re:What I miss. by 140Mandak262Jamuna · 2017-12-11 02:36 · Score: 2
  
  Sufficiently advanced stupidity is indistinguishable from malice. (mod on Arthur C Clarke.)
  
  --
  sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Access to the machine = install keylogger by Anonymous Coward · 2017-12-11 00:41 · Score: 3, Insightful

Wouldn't someone able to access the device and enable the keylogger be instead able to, you know, install a keylogger ?
Hype.
1. Re:Access to the machine = install keylogger by 110010001000 · 2017-12-11 00:50 · Score: 2, Funny
  
  HP just included it out of the box so hackers don't even have to do that. Great job, HP.
Thanks to Intel ME by ReneR · 2017-12-11 00:44 · Score: 2, Insightful

Each and every recent Intel Core-i with ME can have a very hidden key logger running in the ME the whole day, and even sending them out on the NIC. Say NO to hidden "security" backdoor processors, and "military grade" *lol* trust zones, ....
The NSA loses another preferred partner tool by sasparillascott · 2017-12-11 01:11 · Score: 5, Insightful

Just like the things we saw with the networking folks, another vendor says oops look at this surveillance tool we just happened to have left in our production stack we've been putting on all our machines for years. Time for someone to look at Dell and see if they've made the same "mistake".
1. Re: The NSA loses another preferred partner tool by Zero__Kelvin · 2017-12-11 01:26 · Score: 4, Interesting
  
  Every vendor that ships Windows 10 ships their product with a surveillance tool. At least this one can be and is disabled.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Re:repost? by KiloByte · 2017-12-11 01:27 · Score: 4, Informative

isnt this a repost from May
Nope, this is a second keylogger. The one from May was in audio driver, this one is in the keyboard driver. Mentioned in the article -- have you read it before responding?

--
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
Re:repost? by Anonymous Coward · 2017-12-11 01:41 · Score: 2, Funny

Perhaps it's in one of HP's libraries?
#include "stdkeylogger.h"
Which driver versions included the 'flaw'? by Palmateer · 2017-12-11 01:42 · Score: 3, Interesting

So I own two of the laptops listed. They both originally came with Win7. I've rebuilt them clean with Win10 which installed a Synaptics driver on its own which is a waay newer version than what HP originally shipped or any updates they previously provided for Win7. Does anyone know if there's a test to see if the version you have is affected? Now HPs offering a softpaq with a new driver. If I install that one is Windows Update going to clobber it when the next one comes out? Will the Windows Update versions include the 'fix'?
1. Re:Which driver versions included the 'flaw'? by Luckyo · 2017-12-11 02:08 · Score: 3, Insightful
  
  You already installed win10, which comes with built in microsoft keylogger, among other monitoring implements that call home. Your worry is like worrying about getting wet from crying after your ship sank and you're floating in the ocean.
Same "accident" twice? by Holi · 2017-12-11 01:55 · Score: 4, Informative

Sorry but how the hell do you allow this to happen twice?

http://www.zdnet.com/article/k...

Maybe it's time for law enforcement to get involved.

--
Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
Isn't this old news? by normanjd · 2017-12-11 02:32 · Score: 2

When the original keylogger problem was discovered a few months ago, HP said it was because someone left the debug "feature" for keylogging turned on by accident. So why is everyone surprised it exists, at least in the old versions?
1. Re:Isn't this old news? by Desler · 2017-12-11 02:49 · Score: 3, Informative
  
  Because this is about a different driver having a keylogger. So, no, it’s not old news.
2. Re:Isn't this old news? by e432776 · 2017-12-11 03:29 · Score: 2
  
  The optimist in me wants to think that in response to the last keylogger (in the audio driver) HP did an audit and found this other "oops" in the Synaptics driver. Actually, that would be good spin. Unfortunately, I think systematic incompetence is more likely. Wonder if other drivers have this "feature" enabled, perhaps on machines from other vendors...
Comment removed by account_deleted · 2017-12-11 02:33 · Score: 2

Comment removed based on user account deletion
Re:pwd helper by RavenLrD20k · 2017-12-11 02:46 · Score: 2

Seems like you'd have trouble finding your way out of the ../paper/bag directory if you need to call HP support for help understanding the output of the pwd command. Maybe *NIX isn't for you.
A year too late. The election is over by raymorris · 2017-12-11 04:49 · Score: 2

In case you missed it, the election was over a year ago. Slashdot even had stories about it.
https://politics.slashdot.org/...
https://politics.slashdot.org/...
"Trump would _______ [whatever]" isn't helpful at this point; it only serves to get your blood pressure up.
If you just can't get enough of presidential politics, you could start looking at who might be good in 2020, because that's the next election. Or seek counseling because the whole thing is bull, and not good to focus on 24/7/365. Taking a break for a couple years might be good.