Keylogger discovered on HP Notebooks, company issues patches

HP recently revealed some rather unnerving news about their Notebooks currently in use by many worldwide. It turns out that, as Bleeping Computer’s Catalin Cimpanu reports, a debugging code used in development was left by accident in their products. The issue with this is that the debugging code can easily be used in a malicious manner by any threat actor to function as a keylogger.

The debugging code was discovered by the security researcher ZwClose and promptly disclosed to the company. ZwClose wrote a blog post detailing the technical aspects of the keylogger recently and there were some great insights given. The researcher stated that the debugging code is vulnerable because:

The keylogger saved scan codes to a WPP trace. The logging was disabled by default but could be enabled by setting a registry value (UAC required).

The registry value is the following line of code (shown for information purposes only):
HKLM\Software\Synaptics\%ProductName% HKLM\Software\Synaptics\%ProductName%\Default
HP, once informed, had developers admitting that there was indeed debugging code left over from development and they were working on an update to fix the issue. The update has now been released and affects a large amount of HP products. The list is far too extensive (475 in total) to list here, but HP has a full post on this issue and includes the list of products that require the update.

This is the second time a keylogger has been found in HP products this year, with the first time being in May when an audio driver had rather similar code (in terms of debugging function) left in it. Initially, I thought that HP perhaps had malicious intentions, but if they really wanted to do some damage (aka for clandestine ops via the NSA and others), there are far more effective ways than debugging code that requires admin access to execute.

I’m more inclined to think that HP was negligent, which doesn’t make this any less serious, but at least the company found a solution in a fairly quick manner. Companies really need to do better, however, in their production process to prevent incidents like this in the future. HP users got lucky that this wasn’t leveraged in a large hacking operation.

As we all know, luck eventually runs out.

Photo credit: Pixabay