Previously, Hewlett Packard had a keylogger embedded in their audio driver, and now one has been found in their Synaptics keyboard driver. This driver can be found on most modern HP laptops.
Vulnerability Details
Security researcher Michael Myng discovered the keylogging code in the keyboard driver while trying to control the keyboard backlight. The code looks for a registry key and, if it exists, starts logging keystrokes. When contacted, HP confirmed that the keylogging code was present and immediately released an update that removes it. The code was intended for debugging purposes only, but an attacker who had access to the victim's registry would be able to leverage this debug code to steal account information, logins and so on.
Business Impact
On a scale of “critical” to “benign”, I’d rate this as mostly harmless. For the attack to work, the attacker already needs write access to your registry, and if they have that level of access, you’ve probably got more things to worry about. That said, you always want to reduce your attack surface, so it’s recommended you update your drivers immediately.
Remediation
Affected models and the updates for them are available on HP’s website. We will be scanning for affected models on all of our clients’ computers shortly and notifying those that need to take action.
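One way to run that kind of check on a single Windows machine, as an added example (not HP's tooling and not code from the original post): it reports the installed Synaptics driver version and whether the debug registry value is present. The patched version, registry key path and value name are not given in this article, so all three are mandatory parameters to be filled in from HP's advisory.

```powershell
# Added example: audit one host for the Synaptics driver version and the debug trigger.
# The three parameters are assumptions supplied by the operator from HP's advisory;
# none of their values appear in this article.
param(
    [Parameter(Mandatory)] [version]$FixedVersion,  # first patched driver version for the model
    [Parameter(Mandatory)] [string]$DebugKeyPath,   # registry key the debug code reads, as a PowerShell path (HKLM:\...)
    [Parameter(Mandatory)] [string]$DebugValue      # value name under that key that enables logging
)

# Installed signed drivers published by Synaptics.
$drivers = Get-CimInstance -ClassName Win32_PnPSignedDriver |
    Where-Object { $_.Manufacturer -like '*Synaptics*' -or $_.DriverProviderName -like '*Synaptics*' }

# Is the trigger value present? A missing key or value means logging is not switched on.
$triggerSet = $false
if (Test-Path -LiteralPath $DebugKeyPath) {
    $props = Get-ItemProperty -LiteralPath $DebugKeyPath -ErrorAction SilentlyContinue
    $triggerSet = ($null -ne $props) -and ($props.PSObject.Properties.Name -contains $DebugValue)
}

$report = foreach ($d in $drivers) {
    $installed = $null
    $parsed = [version]::TryParse([string]$d.DriverVersion, [ref]$installed)
    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        Device        = $d.DeviceName
        DriverVersion = $d.DriverVersion
        # An unparseable version is flagged for manual review rather than assumed safe.
        NeedsUpdate   = if ($parsed) { $installed -lt $FixedVersion } else { $true }
        TriggerSet    = $triggerSet
    }
}

if (-not $report) {
    Write-Output "No Synaptics driver found on $env:COMPUTERNAME"
    return
}
$report | Sort-Object NeedsUpdate -Descending | Format-Table -AutoSize
```

A row with `TriggerSet` true on a machine where nobody was debugging the driver deserves investigation in its own right, since setting the value requires write access to the registry.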
If you’re not a client of ours already and you’d rather worry about making more money than keeping your systems patched, you should contact us and ask about our managed services offerings.