Previously, Hewlett Packard had a keylogger embedded in their audio driver, and now one has been found in their Synaptics keyboard driver. This driver can be found on most modern HP laptops.
Security researcher Michael Myung discovered the keylogging code in the keyboard driver while trying to control the keyboard backlight. The code looks for a registry key and, if it exists, starts logging keystrokes. When contacted, HP confirmed that the keylogging code was present and immediately released an update that removes it. The code was intended for debugging purposes only, but an attacker who had access to the victim’s registry would be able to leverage this debug code to steal account information, logins and so on.
On a scale of “critical” to “benign”, I’d rate this as mostly harmless. For the attack to be utilised, the attacker already needs write access to your registry, and if they have that level of access, you’ve probably got more things to worry about. That said, you always want to reduce your attack surface, so it’s recommended you update your drivers immediately.
Affected models and the updates for them are available on HP’s website. We will be scanning for affected models on all of our clients’ computers shortly and notifying those that need to take action.