Keylogger Found in HP Notebook Keyboard Driver
https://www.bleepingcomputer.com/news/ha...rd-driver/

Keylogger Found in HP Notebook Keyboard Driver
By Catalin Cimpanu
December 8, 2017 03:40 PM

HP has released driver updates for hundreds of notebook models to remove debugging code that an attacker could have abused as a keylogger component.

The keylogging code was present in the SynTP.sys file, which is part of the Synaptics Touchpad driver that ships with some HP notebook models.

"The logging was disabled by default but could be enabled by setting a registry value," said a security researcher going by the name of ZwClose, who discovered the flaw earlier this year.

That registry key is:

HKLM\Software\Synaptics\%ProductName%
HKLM\Software\Synaptics\%ProductName%\Default

Malware devs can use this registry key to enable the keylogging behavior and spy on users using native kernel-signed tools, undetectable by security products. All they have to do is to bypass a UAC prompt when tweaking the registry key. There are tens of methods of bypassing UAC prompts currently available.

Just some leftover debugging code

"The keylogger saved scan codes to a WPP trace," said ZwClose. WPP software tracing is a technique used by app developers and is intended for debugging code during development.

After reporting the issue, the researcher said HP devs candidly admitted the keylogging code was a leftover from debugging sessions and "released an update that removes the trace."

This is not the first time HP engineers have forgotten debugging code inside a driver. The same thing happened in May, when they left similar keylogging code inside an audio driver.

HP released a list of affected notebooks. The list is 475 models long and includes 303 consumer notebooks and 172 commercial notebooks, mobile thin clients, and mobile workstations. Affected model lines include HP's 25*, mt**, 15*, OMEN, ENVY, Pavilion, Stream, ZBook, EliteBook, and ProBook series, along with several Compaq models.

ZwClose also published a technical analysis of the SynTP.sys file and the keylogger code for security researchers and software developers.