Back in May, it became public that HP laptops came with a keylogger nicely packed inside their official audio driver files. Last month, a spyware known as "HP Touchpoint Analytics Client" was identified as well. Now, it looks like the time has come for a third poisoned apple (and apparently the worst of them all) from HP to be discovered.
According to a Twitter message that surfaced online last week, independent security researcher ZwClose discovered a keylogger in the SynTP.sys file. His message says the following: "Oh well. Keylogger in HP's SynTP.sys. Off by default. Vendor contacted. Fix released and pushed. Blog post is on the way."
The blog post he mentioned has been published on December 7 and can be checked here (it includes a lot of technical details, so consider yourselves warned).
The good part is that, in the end, HP moved really fast and published a security bulletin the same day, including a (very long!) list of software updates that can take care of the problem. To access all these updates, just go to this page.
Those wondering about the details of this security issue should just know that the keylogger could allow third parties to record every keystroke and steal all sensitive data, including passwords and credit card details. According to HP, this keylogger was nothing but a debug trace that has been left there by accident. Since it was disabled by default, HP might be right. However, enabling it only requires the change of a single registry value, so this accident could have led to a major security issue for thousands of users.
Are you a techie who knows how to write? Then join our Team! Wanted:
- News Writer (Romania based)
Details here