Skip to main content

Patch your HP laptops — the keyboard may have a keylogger installed

HP laptops
Image used with permission by copyright holder
HP issued a patch for its Synaptics touchpad driver last month to fix a potential keylogger issue, but it may be more widely problematic than initially expected. The keylogger security researchers identified within the driver may affect hundreds of HP laptops and mobile workstations, including its recent Spectre Pro x360 models.

The fix for this problem was released at the start of November in a dry sounding fashion; the driver update was called the “Synaptics Touchpad Driver Potential, Local Loss of Confidentiality.” Although HP did designate it as something that should be acted on as soon as possible, ZwClose breaks down exactly why this issue is potentially more dangerous than HP makes it sound.

The keylogger in question was discovered hidden within HP’s keyboard driver and looked to save scan codes. Although the logging was disabled by default, it could easily be enabled by a user with administrative access. HP’s claim is that it was a debug trace that wasn’t removed — and now has been by the patch.

In the patch notes, it also goes out of its way to highlight that neither HP itself nor the touchpad developer, Synaptics, had any access to customer information:

“A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impacts all Synaptics OEM partners,” the update page reads. “A party would need administrative privileges in order to take advantage of the vulnerability. Neither Synaptics nor HP has access to customer data as a result of this issue.”

Such a problem could still be easily exploitable by malware or a nefarious individual with local access to the HP machine. The fact that this news arises at a time when HP stands accused of installing spyware and tracking software on to customers’ machines (as per ZeroHedge), is hardly ideal. It’s not clear where the tracker came from — be it Windows Update or HP itself — but some users have complained of it having a negative effect on system performance as well.

Although incidents like this don’t engender much trust in a company, it is important that you acquire the patched driver either directly from HP’s website or through a Windows Update. Considering hundreds of different HP laptops are said to be affected by this bug, it’s all the more likely someone would try to exploit it, so update your system as soon as possible.

This isn’t the first time HP has had trouble with keyloggers on its platform, though the most recent one was auditory.

Editors' Recommendations

Jon Martindale
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…
CES 2023: HP’s Dragonfly Pro Chromebook is the most advanced Chromebook I’ve eve seen
The HP Dragonfly Pro Chromebook with the Digital Trends main page loaded.

At CES 2023, HP officially announced the Dragonfly Pro Chromebook, the company's premium new Chromebook. Among its high-end features is a world-first 8-megapixel laptop webcam, which is a jump up from the 5-megapixel webcams found on HP's other Dragonfly notebooks.

HP's Dragonfly series has been a part of its commercial portfolio for years; including its Elite Dragonfly Chromebook that launched last year. But this year, the new Intel-powered Chromebook, along with its Dragonfly Pro Windows laptop counterpart, is targeted more toward freelancers, creators, and hybrid workers.

Read more
MSI might have the ultimate mini-LED laptop display at CES 2023
MSI GT77 Titan with the Digital Trends website up sitting on a table.

MSI is taking laptop displays to a new level at CES 2023, and it might have the sector cornered for a while. Ahead of CES, MSI announced the updated Titan GT77 HX which comes with the first mini-LED 4K 144Hz display in a laptop, and it boasts some insane specs.

If a 4K mini-LED laptop display at 144Hz isn't enough, the screen also comes with VESA's DisplayHDR 1,000 certification. That means it can reach 1,000 nits of peak brightness. MSI also says it comes with a 1,000,000:1 contrast ratio, which is on the level of screens like the Alienware 34 QD-OLED, and in a laptop at that.

Read more
Your Siri conversations may have been recorded without your permission
iOS 16 and Mac Ventura on Apple devices.

Apple has patched a security flaw that left macOS and iOS devices vulnerable to having interactions with Siri spied upon and recorded when using accessories such as AirPods or Beats headsets via Bluetooth.

The flaw, which is now referred to as vulnerability CVE-2022-32946, was discovered by app developer Guilherme Rambo, according to Apple Insider.

Read more