world exit download Cross icon Menu icon

A bug was discovered in the Synaptics Touchpad driver that could be exploited by criminals to record all the keystrokes of a user, including usernames, passwords, and other privileged information. The Synaptics Touchpad driver is used in the majority of Hewlett-Packard (HP) laptops and as such HP has issued updates for over 170 commercial grade products and 290 consumer products. Hp is the only company to release updates for this issue but the Synaptics Touchpad driver is used by other companies, so more vendor updates can be expected. This bug is not currently being exploited in the wild but it can be stated with medium confidence that threat actors will quickly incorporate it into their tactics due to the release of technical details and the wide number of affected devices.

 

What should you do about it

  • Check device inventories against the HP Security Bulletin [1] for vulnerable devices
  • Apply security patches for vulnerable HP devices

 

Additional information

  • The keylogger is located in the SynTP.sys file. By default the logger is disabled but a threat actor with administrative access to the device could activate and exploit it.
  • This is not the first time that HP has been criticized for leaving keyloggers on their devices; in May the company released another patch for a similar problem found in HP’s Conexant audio drivers.

 

For a full technical analysis of the bug please see the original security release [2]:

[1] https://support.hp.com/us-en/document/c05827409

[2] https://zwclose.github.io/HP-keylogger/

 

See the latest security advisories

Articles and reports written by eSentire staff and our Threat Intelligence Research Group.

Ready to get started?
We're here to help.

Get Started
Reach out to schedule a meeting and learn more about our Managed Detection and Response, Risk Advisory, and Managed Prevention capabilities.