For the second time this year, HP has been forced to issue an emergency fix for pre-installed keylogger software.
Hewlett Packard has issued an emergency patch to resolve a driver-level keylogger discovered on hundreds of HP laptops.
The bug was discovered by Michael Myng, also known as "ZwClose."
The security researcher was exploring the Synaptics Touchpad SynTP.sys keyboard driver and how laptop keyboards were backlit and stumbled across code which looked suspiciously like a keylogger.
In a blog post, ZwClose said the keylogger, which saved scan codes to a WPP trace, was found in the driver.
While logging was disabled by default, given the right permissions, it could be enabled through changing registry values and so should a laptop be compromised by malware, malicious code -- including Trojans -- could take advantage of the keylogging system to spy on users.
"I messaged HP about the finding," Myng said. "They replied terrifically fast, confirmed the presence of the keylogger (which actually was a debug trace) and released an update that removes the trace."
HP has acknowledged the issue.
In a security advisory, HP said:
Affected products include HP G2 Notebooks, the HP Elite x2 1011 G1 tablet, HP EliteBooks, HP ProBooks, and HP ZBook models, among others.
The researcher said that a fix will also be included in Windows Update.
Back in May, security firm Modzero discovered a keylogger in the Conexant HD audio driver package, installed in dozens of HP devices. HP quickly rolled out a patch which resolved the issue, which could be used to collect data including passwords, website addresses, and private messages.
Source:
http://www.zdnet.com/article/keylogger-uncovered-on-hundreds-of-hp-pcs/#ftag=RSSbaffb68
Hewlett Packard has issued an emergency patch to resolve a driver-level keylogger discovered on hundreds of HP laptops.
The bug was discovered by Michael Myng, also known as "ZwClose."
The security researcher was exploring the Synaptics Touchpad SynTP.sys keyboard driver and how laptop keyboards were backlit and stumbled across code which looked suspiciously like a keylogger.
In a blog post, ZwClose said the keylogger, which saved scan codes to a WPP trace, was found in the driver.
While logging was disabled by default, given the right permissions, it could be enabled through changing registry values and so should a laptop be compromised by malware, malicious code -- including Trojans -- could take advantage of the keylogging system to spy on users.
"I messaged HP about the finding," Myng said. "They replied terrifically fast, confirmed the presence of the keylogger (which actually was a debug trace) and released an update that removes the trace."
HP has acknowledged the issue.
In a security advisory, HP said:
A CVSS score of 6.1 has been issued, together with updated firmware and drivers for hundreds of laptops, both commercial and consumer.
Affected products include HP G2 Notebooks, the HP Elite x2 1011 G1 tablet, HP EliteBooks, HP ProBooks, and HP ZBook models, among others.
The researcher said that a fix will also be included in Windows Update.
Back in May, security firm Modzero discovered a keylogger in the Conexant HD audio driver package, installed in dozens of HP devices. HP quickly rolled out a patch which resolved the issue, which could be used to collect data including passwords, website addresses, and private messages.
Source:
http://www.zdnet.com/article/keylogger-uncovered-on-hundreds-of-hp-pcs/#ftag=RSSbaffb68
