The problem code was present in the SynTP.sys file, which is
part of the Synaptics Touchpad driver.
HP has released an update for drivers in hundreds of
notebook models, removing code for debugging that could be used by attackers as
a keylogger. The problem code was present in the SynTP.sys file, which is part
of the Synaptics Touchpad driver.
The problem was discovered by a security researcher under
the pseudonym ZwClose. "Registration of keystrokes is disabled by default,
but you can enable it by making changes to the registry values," the
researcher explained. It's about modifying the registry key HKLM \ Software \
Synaptics \% ProductName% HKLM \ Software \ Synaptics \% ProductName% \
Default. With its help, attackers can activate the keylogger function and
monitor victims using the "native" tools of the system and remaining
unnoticed for security solutions. You just need to bypass the User Account
Control (UAC) when modifying the key registry.
As explained by ZwClose, the scanned keylogger codes are
stored in WPP. The WPP tool was developed by Microsoft and is intended for
debugging and tracing the code in the development process. The researcher told
HP about his discovery, and the company issued a correction.
Let's remind, in products HP keylogger is found out not for
the first time. In May of this year, the built-in keylogger was detected in 20
models of notebooks produced by the company. At the end of the past month, the
manufacturer was also accused of hidden installation of spyware on its devices.
Comments
Post a Comment