HP Laptops Have A Hidden Keylogger

[rstofer]

This may be old news but since it is the computer buying season, maybe it's important enough to reopen:

http://www.bbc.com/news/technology-42309371

HP laptops have a hidden keylogger. I was seriously considering adding a couple of HP All-In-Ones to my ever expanding collection of PCs and had planned to head over to Best Buy today.  I think I'll give HP a pass even though the logger is only known to be on laptops.  It's pretty clear that I can't trust HP drivers.

[imidis]

These days I don't know if people are all that aware. I mean people are buying hot mics now.... On purpose! 

[Jeroen3]

Sensational headline.

The laptop Synaptic driver had an debug option to be able to be used as a keylogger.

Source:
https://zwclose.github.io/HP-keylogger/

At this point I had to run some ETW capture software like MessageAnalyzer to read the trace but I couldn’t do that since I didn’t have HP laptop. The research were done by reading the code of SynTP.sys, I couldn’t verify if it’s correct or not.

[rstofer]

As I read the article, HP confirms that the code exists.  It probably shouldn't be in the release code.  As a result, one would have to wonder if HP even has a Quality Control group.  Through downsizing, who knows?  Sure, it's Synaptic's code but HP is responsible for what they release.

It's kind of a shame this came up.  I really wanted a couple of 27" Touch Screen All-In-Ones and the HP price is far better than similar offerings from Dell.  I guess I'll put that project on back-burner for the time being.

[rrinker]

 I would not use this as a reason to suddenly not buy the machines you want. Seems kind of silly, shooting yourself in the foot type of thing.

It's Synaptic's code, not HPs. It's not logging anything by default, AND, while I didn't read that article, I hit a different one that linked to HP's list of affected system which includes a download link for a repaired driver withotu the keylogger

https://support.hp.com/us-en/document/c05827409

Fixed my work laptop hours ago.

Though I always have the touchpad disabled anyway - can't stand those stupid things.

[edavid]

In most (all?) cases you don't even need the Synaptics driver to use the touchpad... the standard Windows PS/2 mouse driver will work if you don't need the not-all-that-useful extra features of the Synaptics driver.

And, HP is claiming that it's not an HP specific problem, so it makes even less sense to avoid HP for this.

[CJay]

Well I have over 600 affected machines on *my* bit of the corporate estate, there'll be a patch rolled out over the next few days but the reaction from the Infosec team so far seems to be 'storm in a teacup'.

And as RRinker said, it's not HP's code, it's Synaptic's code so it's possibly going to have affected an awful lot more manufacturers.

I of course only post my thoughts here and none of my words here represent official policy of my employer etc. I would highly recommend anyone using Synaptics drivers on *any* hardware to check for updates and patches.

[Mr. Scram]

As long as Intel ME is active, a simple keylogger shouldn't be much to worry about. You know, since we're talking about potential risks and all.

[Jeroen3]

In most (all?) cases you don't even need the Synaptics driver to use the touchpad... the standard Windows driver will work if you don't need the not-all-that-useful extra features of the Synaptics driver.

Windows Update most likely installs a severely outdated version of the Synaptics driver.

[IanMacdonald]

A far more serious issue of that kind is that HTTPS does not protect against keyloggers and the like if the website has third party adverts on it.

http://iwrconsultancy.co.uk/blog/https

Serious, because people have been encouraged to put a lot of faith in HTTPS, whereas in the real Web environment it gives about as much protection as a wet paper bag would provide against a claidheamh-mòr. 

[rstofer]

In most (all?) cases you don't even need the Synaptics driver to use the touchpad... the standard Windows driver will work if you don't need the not-all-that-useful extra features of the Synaptics driver.

And, HP is claiming that it's not an HP specific problem, so it makes even less sense to avoid HP for this.

The problem belongs to HP.  It's their name on the box and they pre-install the driver.  I can see where they would want to blame the problem on a subcontractor (and Synaptic did create the problem) but that just won't fly.  It's an HP product and they own all of the issues.  We learn that in "Bug's Life".

[Ampera]

I'd sooner buy an HP calculator than an IBM compatible by HP, which isn't wrong as I own three HP calculators, and zero HP PCs.

[CJay]

The problem belongs to HP.  It's their name on the box and they pre-install the driver.  I can see where they would want to blame the problem on a subcontractor (and Synaptic did create the problem) but that just won't fly.  It's an HP product and they own all of the issues.  We learn that in "Bug's Life".

At the moment HP are the only ones to have owned the problem but, I read what they are saying to mean the code is likely to be included in drivers used by other manufacturers too.

I have a feeling they may be right.

[BrianHG]

Microsoft just released a system malicious software removal tool update only on my HP laptops 2 days ago. (Win7pro)  Is it a patch?
None of my other win7pro PC systems had any forced updates...

[rrinker]

 The Malicious Removal Tool is usually updated every month. How useful it actually is these days is questionable.

[David Hess]

This is the *second* time HP has gotten caught installing a keylogger on their laptops.  The previous incident was a different piece of software.

[Electro Detective]

Wouldn't a v!rus scan of the hard drive show up the keylogger? 

then you just nuke it and install a clean driver,

basically anything non-conflict that works, without the latest update shmupdate merry-go-round security  BS   

[BrianHG]

The Malicious Removal Tool is usually updated every month. How useful it actually is these days is questionable.

This one was separate from yesterday's monthly one...

[Jeroen3]

Wouldn't a v!rus scan of the hard drive show up the keylogger? 

then you just nuke it and install a clean driver,

basically anything non-conflict that works, without the latest update shmupdate merry-go-round security  BS   

No. Because this keylogger was just a line of core reporting the scancodes to the windows tracer Those are built-in features.

[bingo600]

Seems like the Lenovo's have the code too (synaptic) , just inactive by default

/Bingo

[CJay]

Oh, Lenovo too?

What's that Skippy?

If only someone could have predicted it wasn't a HP only problem?

At the moment HP are the only ones to have owned the problem but, I read what they are saying to mean the code is likely to be included in drivers used by other manufacturers too.

I have a feeling they may be right.