HP has released driver updates for hundreds of computer models to remove debugging code that an attacker could have abused as a keylogger component.
The keylogging code was present in the SynTP.sys file, which is part of the Synaptics Touchpad driver that ships with some HP computer models.
“The logging was disabled by default but can be enabled by setting a registry value,” said a security researcher going by the name of ZwClose, who found the flaw earlier this year.
That registry key is:
Malware devs can use this registry key to enable the keylogging behavior and spy on users using native kernel-signed tools, undetectable by security products. All they have to do is bypass a UAC prompt when tweaking the registry key. There are tens of methods of bypassing UAC prompts currently available.
Just some leftover debugging code
“The keylogger saved scan codes to a WPP trace,” said ZwClose. WPP software tracing is a technique used by app developers and is intended for debugging code during development.
After reporting the issue, the researcher said HP devs candidly admitted the keylogging code was a leftover from debugging sessions and “released an update that removes the trace.”
This is not the first time HP engineers have forgotten debugging code inside a driver. The same thing happened in May, when they left similar keylogging code inside an audio driver.
HP released a list of affected notebooks. The list is 475 models long and includes 303 consumer notebooks and 172 business notebooks, mobile thin clients, and mobile workstations. Affected model lines include HP’s 25*, mt**, 15*, OMEN, ENVY, Pavilion, Stream, ZBook, EliteBook, and ProBook series, along with a few Compaq models.
ZwClose also published a technical analysis of the SynTP.sys file and the keylogger code for security researchers and software developers.