ltechnologygroup.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com.
HP has released driver updates for hundreds of notebook models to remove debugging code that an attacker could have abused as a keylogger component.
The keylogging code was present in the SynTP.sys file, which is part of the Synaptics Touchpad driver that ships with some HP notebook models.
“The logging was disabled by default but could be enabled by setting a registry value,” said a security researcher going by the name of ZwClose, who discovered the flaw earlier this year.
That registry key is:
Malware devs can use this registry key to enable the keylogging behavior and spy on users using native kernel-signed tools, undetectable by security products. All they have to do is to bypass a UAC prompt when tweaking the registry key. There are tens of methods of bypassing UAC prompts currently available.
Just some leftover debugging code
“The keylogger saved scan codes to a WPP trace,” said ZwClose. WPP software tracing is a technique used by app developers and is intended for debugging code during development.
After reporting the issue, the researcher said HP devs candidly admitted the keylogging code was a leftover from debugging sessions and “released an update that removes the trace.”
HP also released a list of affected notebooks. The list is 475 models-long and includes 303 consumer notebooks and 172 commercial notebooks, mobile thin clients, and mobile workstations. Affected model lines include HP’s 25*, mt**, 15*, OMEN, ENVY, Pavilion, Stream, ZBook, EliteBook, and ProBook series, along with several Compaq models.
ZwClose also published a technical analysis of the SynTP.sys file and the keylogger code for security researchers and software developers.
At L Technology Group, we know technology alone will not protect us from the risks associated with in cyberspace. Hackers, Nation States like Russia and China along with “Bob” in HR opening that email, are all real threats to your organization. Defending against these threats requires a new strategy that incorporates not only technology, but also intelligent personnel who, eats and breaths cybersecurity. Together with proven processes and techniques combines for an advanced next-generation security solution. Since 2008 L Technology Group has develop people, processes and technology to combat the ever changing threat landscape that businesses face day to day.
Call Toll Free (855) 999-6425 for a FREE Consultation from L Technology Group, https://www.ltechnologygroup.com.