{"id":13841,"date":"2017-12-20T22:32:04","date_gmt":"2017-12-21T06:32:04","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=13841"},"modified":"2017-12-21T07:06:30","modified_gmt":"2017-12-21T15:06:30","slug":"sb-12-20-2017","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2017\/12\/sb-12-20-2017\/","title":{"rendered":"Security Bits – HP Keylogger, Mailsploit"},"content":{"rendered":"

Security Medium 1 \u2014 HP’s Accidental Keylogger<\/h3>\n

Some HP laptops shipped with a keyboard driver from Synaptics in which a developer debugging feature was accidentally left enabled. The effect of this mistake is that the driver has built-in support for logging all keystrokes via WPP (a debugging tool that’s built into Windows).<\/p>\n

This sounds bad, really bad, but thankfully it’s not actually as bad as it sounds.<\/p>\n

<\/p>\n

The driver did not log keystrokes by default, it merely has the ability to do so. To enable the ‘feature’<\/em> (for want of a better word), you need to set a registry key, and only users with administrator access can do that. If you have administrator access, you have the power to install a keyboard logger anyway, so all this does is give malicious admins, (or malware that gets admin access) another alternative to do something they already had the power to do anyway.<\/p>\n

It’s important to note that there’s absolutely no evidence of malice of any kind here. This really does look like a simply case of human error. IMO, Hanlon’s Razor<\/a> applies.<\/p>\n

The security researcher who found this issue reported it to HP responsibly, and HP have released driver updates for affected models.<\/p>\n

While owners of affected laptops shouldn’t set their proverbial hair on fire, it’s definitely not a good thing to have a pre-installed keylogger on your laptop, so definitely do update your drivers if you own an affected laptop!<\/p>\n

Links<\/h4>\n