Laptop users are faced with a whole host of security issues – vulnerable wi-fi hotspots and theft being a few examples. Well, it’s time to add yet another vulnerability to the list.
BBC reports that a security researcher, Michael Myng, also known under a pseudonym as ZwClose, found a critical vulnerability in the software of HP’s laptops. The issue is with the drivers that enable the keyboard to function. It seems that the drivers contained a fatal flaw that allows for tracking of keystrokes – i.e. a keylogger.
The software came preinstalled on more than 470 laptop models in virtually every price range, but the company has recently issued a patch that would fix the software issue. Models dating as far back as 2012 have been affected with the issue.
The error is present in Synaptics Touchpad software, which creates touchpad and input solutions for several large manufacturers. It is yet unclear whether other manufacturers’ laptops were affected as well.
The keylogger isn’t enabled by default, but a malicious attacker could enable the software by changing a few registry values and record the raw keyboard input. From it, they could record passwords, messages and other sensitive input. The attacker would have to gain physical access to the laptop first, though. This is the catch – once they do, there are more elegant solutions that can be used, which is why this has been classified as a low-risk vulnerability.
Both Synaptics and HP claim they didn’t have access to customer data and that the keylogger wasn’t used by the companies, even though they admitted that “there was a loss of confidentiality”. This is the second time that a keylogger was found in HP software. A keylogger was first discovered in HP’s audio drivers in May last year, but only about 30 models were affected. These drivers would write all keystrokes into a log file.
The first time, the company maintained that keyloggers were mistakenly added. This time, they confirmed that it was a debugging feature accidentally left in the code.
If you own a HP laptop, you can click on this list to see whether your laptop is one of the affected models. There is a sticker at the bottom of the laptop that contains the model number. If you can’t see it, pressing Fn + Esc will display the System Info window that should contain the number. Make sure to update the software if that’s the case here, or you can wait for a regular scheduled Windows update, which should roll out the new driver versions as well.
One can hope that these two instances are a product of oversight instead of malice. But in any case, shoddy quality control certainly isn’t something that customers would appreciate, especially those who shell out money for premium products.
But to answer the question from the introduction, the issue isn’t as serious as most computer enthusiast websites depict it. It is a very worrying trend though.
