Over 460 HP Laptop Models Shipped with Keylogger

465208-dimensions HP Omen PCMag

OEMs aren’t particularly good at security, but HP’s recent problems deserve some kind of award. The company has been shipping a keylogger on at least 460 laptop models, and while it’s disabled by default, enabling it is as simple as flipping a registry switch.

Security researcher Michael Myng (aka ZwClose) found the bug while looking for a way to control HP’s keyboard backlight. During his search, Myng found data suggesting there could be a keylogger embedded in HP systems (the phrase KeyboardHookCallback was a hint to the function of the capability). The relevant registry keys were located at:

HKLMSoftwareSynaptics%ProductName%
HKLMSoftwareSynaptics%ProductName%Default

Strings

Image by ZwClose

HP has released an update for the flaw, saying:

A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impacts all Synaptics OEM partners. A party would need administrative privileges in order to take advantage of the vulnerability. Neither Synaptics nor HP has access to customer data as a result of this issue.

It’s true the attacker would’ve needed Administrative access, but that’s less difficult than you might think. What the attacker actually needed was for a user to click “Yes,” on a UAC box. It’s not difficult to get people to do that, seeing as they rarely understand what UAC is or what it does anyway. It remains a prime example of security theater rather than a functional product that provides any benefit for the end user. According to HP, this keylogger was used for diagnostic purposes, but should’ve been removed before systems ever shipped.

To HP’s marginal credit, it avoided shipping systems with the keylogger enabled, but problems like this are part of why securing systems is so difficult to begin with. It’s not enough to simply update your OS and run regular scans — OEM systems from Dell, to HP, to Lenovo often haven’t been audited to make sure they’re closing their own loopholes. In this case, the update is also being pushed through Windows Update, which should help some people lock down their systems.

We’re not kidding about up to 460 models being affected by this, but we’ll shortcut it for you: If you have an HP laptop, hie thee to this webpage, search to see if your model is listed, and apply the relevant fix. We’d recommend doing this as opposed to waiting for Windows Update, since then you’ll know the fix has been applied, rather than hoping it was rolled into the WU update and took properly. This fix shouldn’t have any impact on your touchpad performance in any fashion.