Keylogger Discovered in HP Notebook Keyboard Drivers

Share this…

HP Notebook Drivers contains Keylogger vulnerability that can be abused by hackers and steal the user’s information which could be affected with hundred of HP Notebook model.

This critical vulnerability discovered in keyboard driver SynTP.sys HP Notebook computers and by default logging was disabled and we can enable by setting a registry value (UAC required).

Registry value:

HKLM\Software\Synaptics\%ProductName% HKLM\Software\Synaptics\%ProductName%\Default

The genuine SynTP.sys file is a software component of Synaptics Pointing Device by Synaptics.

Synaptics Pointing Devices enable touch sensitivity on devices such as laptops, touchscreens, and special keyboards. SynTP.sys is a system driver for the Synaptics Pointing Device.

This flaw has been discovered by the reversing the via IDA Disassembler and researchers noticed that there is many strings are presented in the disassembled code which contains an indication of the keylogger vulnerability.

According to Researcher, had to run some ETW capture software like MessageAnalyzer to read the trace but I couldn’t do that since I didn’t have HP laptop. The research were done by reading the code of SynTP.sys, I couldn’t verify if it’s correct or not.

I tried to find HP laptop for rent and asked a few communities about that but got almost no replies. One guy even thought that I am a thief trying to rob someone. So, I messaged HP about the finding.

They replied terrificly fast, confirmed the presence of the keylogger (which actually was a debug trace) and released an update that removes the trace.

This critical debug trace flaw leads to abuse the Registry key using malware by hackers and try to enable the keylogger behavior through bypassing the User Account Control (UAC) using many open source tools.

Researchers have been reported this critical vulnerability into HP and they consider it as Potential, local loss of confidentiality. Finally acknowledged and released a Driver update for all the affected HP Models.

“A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impact all Synaptics OEM partners. A party would need administrative privileges in order to take advantage of the vulnerability. Neither Synaptics nor HP has access to customer data as a result of this issue” HP said.