Hewlett Packard has issued an emergency patch to resolve a driver-level keylogger discovered on hundreds of HP laptops.
The bug was discovered by Michael Myng, also known as "ZwClose." The security researcher was exploring the Synaptics Touchpad SynTP.sys keyboard driver and how laptop keyboards were backlit, and stumbled across code that looked suspiciously like a keylogger.
In a blog post, ZwClose said the keylogger, which saved scan codes to a WPP trace, was found in the driver.
Logging was disabled by default, but given the right permissions, it could be enabled by changing registry values. Should a laptop be compromised by malware, malicious code, including Trojans, could therefore take advantage of the keylogging system to spy on users.
"I messaged HP about the finding," Myng said. "They replied terrifically fast, confirmed the presence of the keylogger (which actually was a debug trace) and released an update that removes the trace."
HP has acknowledged the issue. In a security advisory, HP said:
"A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impacts all Synaptics OEM partners.
A party would need administrative privileges in order to take advantage of the vulnerability. Neither Synaptics nor HP has access to customer data as a result of this issue."
A CVSS score of 6.1 has been issued, together with updated firmware and drivers for hundreds of laptops, both commercial and consumer.
Affected products include HP G2 Notebooks, the HP Elite x2 1011 G1 tablet, HP EliteBooks, HP ProBooks, and HP ZBook models, among others.
The researcher said that a fix will also be included in Windows Update.
Back in May, security firm Modzero discovered a keylogger in the Conexant HD audio driver package, installed in dozens of HP devices, which could be used to collect data including passwords, website addresses, and private messages. HP quickly rolled out a patch that resolved the issue.