HP laptop users are urged to update their systems for patches that will help mitigate a keylogger risk with the integrated Synaptics Touchpad driver.
Users of a number of different HP laptops are being urged to update drivers, after security researcher Michael Myng revealed a potential keylogger risk with the integrated Synaptics Touchpad driver.
Myng who is also known by his online alias ZwClose, first publicly mentioned the issue in a Twitter message on Dec. 6. In a message sent to eWEEK, Myng said that he notified HP in August and it took HP a few months to release the update.
A full technical writeup on the Synaptics Touchpad driver as integrated by HP in over a hundred different laptop models, was published by Myng on Dec. 7. The keylogger is not enabled by default, but could have potentially been turned on by a malicious attacker.
« HP was advised of an issue that exists with Synaptics’ touchpad drivers that impacts all Synaptics OEM partners, » HP wrote in a statement sent to eWEEK . « HP uses Synaptics’ touchpads in some of its mobile PCs and has worked with Synaptics to provide fixes to their error for impacted HP systems, available in the security bulletin on HP.com »
HP quietly released the advisory and patches for the touchpad keylogger issue on Nov. 7. Though a keylogger has the potential to log all keystrokes on a system, HP noted in its’ statement that it had no access to customer data as a result of this issue.
Impact
Joseph Carson, Chief Security Scientist at Thycotic said that risk of the keylogger vulnerability is that a cybercriminal or malicious insider could use the vulnerability to capture keystrokes on an exploited device.
« This means anything typed using one of the affected systems could be recorded including confidential, financial or even personal details, » Carson told eWEEK . « The vulnerability however does require administrator privileges to exploit it. »
Carson added that an attacker that could compromise administrator privileges could enable the keylogger, so they could stay hidden and not trigger any alarms. Additionally he noted the issue could have been potentially abused by an insider who already has administrator privileges.
Marcus Carey, CEO and Founder of Threatcare, downplayed the Synaptics keylogger as not being a new type of risk for users.
« I don’t think this was a real risk for users because to access the keylogger the machine would have been compromised by a malicious user, » Carey told eWEEK . « Additionally, keyloggers are a dime-a-dozen type of utility and there are plenty of them to be used by attackers. »
What Should Users Do?
Regardless of whether or not the flaw has ever been publicly used to exploit users, there is a potential risk that users should mitigate. HP has provided patches for its impacted systems that users can download here.
« If I were writing the Ten Commandments for Cybersecurity, patching would be the first thing on the list, » Carey said. « Patching is absolute the best thing any attacker can do to protect themselves from most risks. »
Carson commented that it’s important for users to understand and determine if the keylogger was enabled at any point. He added that it’s also a good practice to use two-factor authentication tools and to consider changing passwords if any suspicious or unauthorized activity is suspected.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
