HP patches keyboard driver that could be used as a keylogger

HP released patches for a large number of laptops after a security researcher determined that the Synaptics Touchpad driver contained a keylogger that could be enabled by modifying a registry value. According to HP, this is debugging code.

In the description of the patches, HP reports that the vulnerability involves “local loss of confidentiality” and that an attacker would need administrative privileges to use it. On the related page, the company further states that more than 170 business models and more than 300 consumer models have been affected.

The vulnerability was found by security researcher Michael Myng, who describes his findings in a blog post. In it, he reports that the code ‘stored scan codes in a wpp trace’. A keyboard generates scan codes when the user presses a certain key. Wpp tracing is used while debugging code during software development, according to Microsoft.

According to the researcher, HP responded quickly after reporting its findings to the company, saying it was code left over from debugging. Because keystroke tracking is disabled by default and must be enabled via a registry value, the feature can be used by an attacker who has the necessary rights.

In addition to the patches from HP, there will also be an update via Windows, according to the researcher. This is not the first time HP has responded to the discovery of a keylogger this year. In May, a security company found such a feature in the laptop’s audio driver.