Keyloggers that are able to record user keystrokes pose privacy and security threats. It was claimed that 460 HP laptops include a bug in the Synaptics software that controls keyboard and trackpad input.
However, according to Synaptics, the recent reports that HP laptops contain a secret keylogger are inaccurate. A statement the company released last week said that the software was mischaracterized as a keylogger. The debugger that doubles as a keylogger will also be removed from the Synaptics Touchpad Driver.
The bug in the software was discovered by security researcher Michael Myng, also known as ZwClose.
“HP had a keylogger in the keyboard driver. The logging was disabled by default but could be enabled by setting a registry value (UAC required).”
In response, HP provided a security bulletin and a patch.
“A potential security vulnerability has been identified with certain versions of Synaptics Touchpad drivers that impact all Synaptics OEM partners. A party would need administrative privileges in order to take advantage of the vulnerability.”
Synaptics refused to provide any information or comments on the bug. However, the company recently released a statement:
“Synaptics is aware of articles that were published where it was purported that there was a ‘keylogger’ in our Touchpad drivers. This is inaccurate. Our debug tool was mischaracterized in the articles as ‘keylogger’.”
The statement continued:
“Synaptics provides a custom debug tool in the driver to assist in the diagnostic, debug and tuning of the Touchpad. This debug feature is a standard tool for all Synaptics drivers across PC OEMs and is currently present in production versions. This debug tool was turned off after production and prior to shipment. After shipment, the supplier or user may wish to further tune and enhance the Touchpad experience by enabling the debug tool. The debug tool cannot be turned on or used except by a person with Admin access and special developer tools. When turned on, the debug tool collects data in a proprietary binary format for a rolling memory buffer that gets either overwritten or deleted every time a power event happens.”
Synaptics also apologized to consumers for the concerns raised about the debug tool. In addition, the company will remove the tool in order to ensure the safety of the Synaptics Touchpad Driver.
According to HP, laptop models that contained the debug tool included EliteBook, HP Pavilion, and ZBook.
According to the security researcher ZwClose, “The keylogger saved scan codes to a WPP trace. The logging was disabled by default but could be enabled by setting a registry value (UAC required).”
WPP tracing is a method used to debug code. Myng enabled the keylogging feature in the Synaptics touchpad driver by changing a value in the Windows registry.