
Security advisories | Feb 26, 2019

Hewlett-Packard Pre-Installed Keylogger

A bug was discovered in the Synaptics Touchpad driver that criminals could exploit to record all of a user's keystrokes, including usernames, passwords, and other privileged information. The Synaptics Touchpad driver is used in the majority of Hewlett-Packard (HP) laptops, and HP has issued updates for over 170 commercial-grade products and 290 consumer products. HP is the only company to release updates for this issue, but the Synaptics Touchpad driver is used by other companies, so more vendor updates can be expected. The bug is not currently being exploited in the wild, but it can be stated with medium confidence that threat actors will quickly incorporate it into their tactics, given the release of technical details and the large number of affected devices.

What should you do about it

  • Check device inventories against the HP Security Bulletin [1] for vulnerable devices
  • Apply security patches for vulnerable HP devices

Additional information

  • The keylogger is located in the SynTP.sys file. By default, the logger is disabled, but a threat actor with administrative access to the device could activate and exploit it.
  • This is not the first time that HP has been criticized for leaving keyloggers on their devices; in May the company released another patch for a similar problem found in HP’s Conexant audio drivers.
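
To support the inventory check recommended above, the following PowerShell script (an added example, not from HP, Synaptics, or the original advisory) reports whether SynTP.sys is present on a host, along with its file version, signer, and the machine model. The default driver path and the `-MinFixedVersion` parameter are assumptions; the fixed version for each model must be taken from the HP Security Bulletin [1].

```powershell
# Added example (not HP or Synaptics code). Run on the laptop being inventoried.
param(
    # ASSUMPTION/PLACEHOLDER: fixed driver version for this model, taken from
    # the HP Security Bulletin [1]. No version number is given in the advisory.
    [version]$MinFixedVersion
)

# ASSUMPTION: the driver sits in the default Windows driver directory.
$driverPath = Join-Path $env:SystemRoot 'System32\drivers\SynTP.sys'
$system     = Get-CimInstance -ClassName Win32_ComputerSystem

$report = [ordered]@{
    ComputerName  = $env:COMPUTERNAME
    Manufacturer  = $system.Manufacturer
    Model         = $system.Model      # match this against the bulletin's model list
    DriverPath    = $driverPath
    DriverVersion = $null
    SignatureOk   = $null
    Signer        = $null
    Status        = 'SynTP.sys not found'
}

if (Test-Path -LiteralPath $driverPath) {
    # Build a comparable version from the numeric parts of the file's version resource.
    $info = (Get-Item -LiteralPath $driverPath).VersionInfo
    $report.DriverVersion = [version]::new(
        $info.FileMajorPart, $info.FileMinorPart,
        $info.FileBuildPart, $info.FilePrivatePart)

    # Record who signed the driver so unexpected binaries stand out in the inventory.
    $sig = Get-AuthenticodeSignature -LiteralPath $driverPath
    $report.SignatureOk = ($sig.Status -eq 'Valid')
    if ($sig.SignerCertificate) { $report.Signer = $sig.SignerCertificate.Subject }

    if (-not $PSBoundParameters.ContainsKey('MinFixedVersion')) {
        $report.Status = 'Present: compare DriverVersion with the bulletin'
    } elseif ($report.DriverVersion -lt $MinFixedVersion) {
        $report.Status = 'Present: older than fixed version, patch required'
    } else {
        $report.Status = 'Present: at or above fixed version'
    }
}

# Emit one object per host so results can be piped to Export-Csv or collected centrally.
[pscustomobject]$report
```

Run without parameters to collect versions for review, or pass `-MinFixedVersion` once the bulletin's value for the model is known.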

For a full technical analysis of the bug please see the original security release [2]: