Oops… Some HP Laptops Shipped With Hidden Keylogger | Privacy

By John P. Mello Jr.

Dec 12, 2017 three:24 PM PT

Some HP laptops customers got here with a preinstalled program to seize the keystrokes of customers, a safety researcher lately found.

The researcher, Michael Myng aka “ZwClose,”
found the keylogger software program whereas making an attempt to unravel a keyboard drawback for a good friend. The software program is turned off by default.

After Myng contacted HP about this system, it rapidly
launched a patch to eliminate it.

“A keylogger is a very dangerous piece of software,” stated Lamar Bailey, director of safety analysis and improvement at Tripwire.

“It is like having someone looking over your shoulder while you are typing,” he advised TechNewsWorld. “Keyloggers can capture passwords that can be used to access financial accounts, record personal communications or even proprietary code under development.”

No Malicious Intent

Keyloggers are an vital weapon within the arsenal of cyberattackers, famous Chris Morales, head of safety analytics at
Vectra Networks.

“They’re often used in the recon phase of targeted attacks to gather user credentials and other sensitive information which can later be used to compromise user accounts,” he advised TechNewsWorld.

“Keyboard loggers can be very hard to spot with consumer AV,” Morales added.

Once a machine is compromised, as a substitute of utilizing a malicious payload that probably could possibly be recognized by safety merchandise, a sensible attacker may activate and use the built-in keyboard logger characteristic, explalined David Picket, a safety analyst with AppRiver.

“This would help them evade traditional detection methods that security products might have otherwise detected,” he advised TechNewsWorld.

Production Error

As harmful as keyloggers could be, the software program within the greater than 460 HP laptop computer fashions would not seem to have any malicious intent behind it.

“The keylogger appears to be a part of the driver of the Synaptics Touchpad,” stated Frederik Mennes, the senior supervisor for market and safety technique at Vasco Data Security.

“It was used for debugging purposes by the company providing the touchpad,” he advised TechNewsWorld.

The keylogger instrument ought to have been faraway from the software program earlier than it was finalized, stated Vectra’s Morales.

“While in this instance it’s unlikely to be a consciously malicious act,” he continued, “it is another example of poor QA controls of digital supply chain risk.”

It’s doubtless that the standard management checks for the third-party drivers weren’t in depth sufficient to uncover the disabled keylogger remaining from the software program improvement stage, AppRiver’s Picket stated.

“The keylogging data would be extremely useful while the software was undergoing development for troubleshooting and debugging purposes, but a security concern, once distributed,” he defined.

Low Risk for Consumers

While the code on the laptop computer is not malicious, it could possibly be exploited by dangerous actors, famous Joseph Carson, head of world strategic alliances at

“It would be a major catastrophe if the code was injected by hackers without HP’s knowledge,” he advised TechNewsWorld.

It can be even worse if code given to HP by suppliers weren’t being checked fastidiously earlier than being despatched to the techniques producing the company’s merchandise.

“If that were the case, then I would be very concerned about other code that goes through the same software development lifecycle,” Carson stated.

Keyloggers generally is a critical risk to shoppers, however within the case of the HP keyloggerm the risk is not vital, prompt Vasco’s Mennes.

“The keylogger is disabled by default, and requires administrative access to the device to be enabled, so the risk for consumers and business users is rather low,” he identified.

“I do not believe consumers should be concerned that a cybercriminal could exploit the code with administrative permissions,” remarked Thycotic’s Carson. “If so, then the buyer already has a lot greater points and sure their techniques are totally compromised.

Still, it is advisable for shoppers to make sure their techniques are up to date, he stated, to scale back alternatives for exploitation.

John P. Mello Jr. has been an ECT News Network reporter
since 2003. His areas of focus embody cybersecurity, IT points, privateness, e-commerce, social media, synthetic intelligence, large knowledge and client electronics. He has written and edited for quite a few publications, together with the Boston Business Journal, the
Boston Phoenix, Megapixel.Net and Government
Security News
. Email John.

Tech News


Show More

Related Articles