Security Alerts Keylogger Found in Driver Software for HP/Compaq/Windows Notebook Computers

Monday, Dec 11, 2017

A security researcher uncovered a keystroke logger within the internals of a driver for a touchpad typically used on HP notebook computers, one in which could be turned on with a basic change to the configuration in the Windows registry.

The logger was found inside driver software for Synaptics touchpads, used by hundreds of HP and Compaq notebook computers, along with other Windows notebook computers from other manufacturers.

This vulnerability could be leveraged by an attacker or malware to obtain login credentials and other personal data.

The keylogger is disabled by default, and was apparently included for debugging during development. But, a user or software with admin privileges could trigger the keylogger by making a change to the registry – possibly remotely – using Windows Management Instrumentation (WMI) or PowerShell scripts. Once enabled, keystrokes are captured and a trace log file is generated.

In a security notice on November 7, HP acknowledged the presence of the keylogger and offered links to patched drivers for the affected models. The company stated that this vulnerability “impacts all Synaptics OEM partners” and that neither HP nor Synaptics had access to customer data as a result of the keylogger.

For more information on how to keep your information safe, click here.