HP Laptops Found To Have Hidden Keylogger (bbc.com) 116
Hidden software that can record every letter typed on a computer keyboard has been discovered pre-installed on hundreds of HP laptop models, BBC reported on Monday citing the findings of a security researcher. From the report: Security researcher Michael Myng found the keylogging code in software drivers preinstalled on HP laptops to make the keyboard work. HP said more than 460 models of laptop were affected by the "potential security vulnerability." It has issued a software patch for its customers to remove the keylogger. The issue affects laptops in the EliteBook, ProBook, Pavilion and Envy ranges, among others. HP has issued a full list of affected devices, dating back to 2012. Mr Myng discovered the keylogger while inspecting Synaptics Touchpad software, to figure out how to control the keyboard backlight on an HP laptop. He said the keylogger was disabled by default, but an attacker with access to the computer could have enabled it to record what a user was typing. According to HP, it was originally built into the Synaptics software to help debug errors. It acknowledged that could lead to "loss of confidentiality" but it said neither Synaptics nor HP had access to customer data as a result of the flaw.
See, they did not leak any data. (Score:5, Insightful)
but it said neither Synaptics nor HP had access to customer data as a result of the flaw.
It is like Yale announcing that its locks, made since 1929, could be opened by any pentalobulous screw driver, but neither Yale, nor the screwdriver maker, got any share of the loot taken by any burglar taking advantage of the flaw.
Re:See, they did not leak any data. (Score:5, Informative)
Re: (Score:3, Funny)
Pentalobular + fabulous = pentalobulous
Usage :
"How are we going to open the lock on our cell?"
"Don't worry I've got my penalobulous screwdriver?"
Re: (Score:2)
He said his ACER laptops are still working but his advice is to buy ASUS.
Maybe he has a keyboard problem?
Re: (Score:2)
Re: (Score:1)
Airtight hatchway, etc (Score:5, Insightful)
How do you end up with an attacker that can write to your registry (and also read your log files) but can't just install their own keylogger?
Re:Airtight hatchway, etc (Score:5, Insightful)
An attacker's own keylogger might well be recognized as malicious and blocked from communicating with the network stack or otherwise blocked by not appearing in a whitelist in a corporate environment. The trusted device driver for the keyboard would probably be whitelisted and since vendor software is usually allowed to talk to the Internet so that it can check for updates, allowed to communicate. With these in-mind, the attacker's own payload to activate the keylogger might make so few changes as to not be recognized for what it is by such security software. Also, if someone were to hack HP or Synaptics' systems they could potentially enable it subtly where it might not be obvious that it has been enabled.
Additionally those traveling internationally with these laptops where the computer may be 'inspected' by a foreign government could find such a logger enabled and again, the security software on the computer might not recognize that it has happened while it might recognize third-party software. If that government would have a second opportunity to inspect the computer then they could retrieve the contents of the log.
Re: (Score:2)
An attacker's own keylogger might well be recognized as malicious and blocked from communicating with the network stack...
What led you to believe the built-in tool sends the keystrokes over the network? The attacker is still on the hook for exfiltration, so the GP is correct: at that point he has already won.
Re: (Score:1)
Re: (Score:1)
It makes life considerably easier when the malicious software is considered part of the standard code base, instead of having to connect storage or download something external to the machine you simply have to run a command or two to activate the existing code. Much faster, much easier.
File integrity or heuristic monitoring software like antivirus software will likely ignore pre-installed malicious code.
Network level scanning for downloads of likely keyloggers will also not be triggered.
What I miss. (Score:5, Insightful)
This is one of the reasons I really liked the preprocessor in C. I miss #IF DEBUG / #ENDIF.
Re: (Score:2)
Re:What I miss. (Score:5, Interesting)
I call bullshit on this "mistake" not being intentional. Their coding practices might be bad for other reasons, but if companies add backdoors left and right, at this point it's reasonable to assume malice rather than stupidity.
Re: (Score:3)
Re: (Score:3)
A year too late. The election is over (Score:3)
In case you missed it, the election was over a year ago. Slashdot even had stories about it.
https://politics.slashdot.org/... [slashdot.org]
https://politics.slashdot.org/... [slashdot.org]
"Trump would _______ [whatever]" isn't helpful at this point; it only serves to get your blood pressure up.
If you just can't get enough of presidential politics, you could start looking at who might be good in 2020, because that's the next election. Or seek counseling because the whole thing is bull, and not good to focus on 24/7/365. Taking a break
Re: (Score:1)
Re: (Score:2)
2020 is when we'll vote again for president. Plenty of down ticket elections are coming up beforehand, and people need to get off their asses and then down to their respective voting precinct to help decide these. The down ticket contests matter so much more long-term as it is their winners that are in the pipeline for gaining more power down the road.
Access to the machine = install keylogger (Score:3, Insightful)
Wouldn't someone able to access the device and enable the keylogger be instead able to, you know, install a keylogger ?
Hype.
Re: (Score:3, Funny)
Re: (Score:2)
Thanks to Intel ME (Score:2, Insightful)
The NSA loses another preferred partner tool (Score:5, Insightful)
Re: The NSA loses another preferred partner tool (Score:5, Interesting)
Re: The NSA loses another preferred partner tool (Score:2)
Re: (Score:1)
You're clearly never worked at a large software company. Stuff like this is standard. A respected financial company used a backdoor into their software to auto-install updates to get around having to deal with customer IT departments sitting on their updates before installing them. Instead of having to wait for an IT department to approve the SW changes, the company would push them out without telling anyone. Though at least the updates were extensively tested before hand.
Well, this was before the pract
Re: (Score:2)
Just like the things we saw with the networking folks, another vendor says oops look at this surveillance tool we just happened to have left in our production stack we've been putting on all our machines for years. Time for someone to look at Dell and see if they've made the same "mistake".
NSA to HP: That backdoor has been compromised we need another or you know what will happen, no more government contracts.
HP to rest: Oh look what was found, well it's easy to explain; nothing to see here.
Re: (Score:3)
Which driver versions included the 'flaw'? (Score:3, Interesting)
Re:Which driver versions included the 'flaw'? (Score:4, Insightful)
You already installed win10, which comes with built in microsoft keylogger, among other monitoring implements that call home. Your worry is like worrying about getting wet from crying after your ship sank and you're floating in the ocean.
Re: (Score:2)
You already installed win10, which comes with built in microsoft keylogger, among other monitoring implements that call home. Your worry is like worrying about getting wet from crying after your ship sank and you're floating in the ocean.
As far as I can tell if one disables Windows Cortana (Autoruns) updates are stopped and problem solved. It could be something else involved but Process Explorer seems to agree.
Re: (Score:2)
Oh you naive summer child. Cortana is just a small part of the "log everything user does and call home with this information" package, specifically the part that always listens to the user.
Tracking key presses is another part of internal spyware systems in win10, as is tracking of applications used and usage times and so on.
Same "accident" twice? (Score:5, Informative)
http://www.zdnet.com/article/k... [zdnet.com]
Maybe it's time for law enforcement to get involved.
Re: (Score:2)
Maybe, but law enforcement should definitely get involved if a teleporter vendor were to follow your sig's logic. You're invoking kill() before copy(). Might as well beam the poor bastard to /dev/null.
Re: (Score:1)
You assume:
A) it was an accident in either instance, and
B) law enforcement (NSA) wasn't directly involved in both.
"Attacker w/ access to the computer" Then so what? (Score:2, Insightful)
So an attacker with access to the computer could turn on HP's built-in keylogger.
Couldn't that same attacker with access to the computer install and turn on his own keylogger, which is probably to his preference because it works with the rest of his toolkit seamlessly on any model of computer instead of just on HPs?
So, what's the impact exactly?
This reminds me of promiscuous mode on ethernet interfaces. Debugging tool with security implications that is turned off by default. Useful. Not a big deal. Usef
Re: (Score:1)
It means someone with access to the computer can start keylogging without:
- having to download or install anything from the internet or local media, in cases of airgapped or usbport-glued-up machines
- without any virus scanner or regular auditing software detecting any new exes or files installed on the machine
- bypassing any kind of 'trusted exe only' hardened security rules
I'm sorry your lack of imagination means you don't see what the impact of this is, or ways in which it differs to an attacker installi
Isn't this old news? (Score:2)
Re: (Score:3, Informative)
Because this is about a different driver having a keylogger. So, no, it’s not old news.
Re: (Score:1)
Re: (Score:3)
Re: (Score:1)
Hidden Keylogger (Score:1)
More Debug Code in Production (Score:2)
This is only the billionth time that debug code has made it into a production release. It will continue to happen unless there are consequences.
I think I'd like to see a modest fine from the government whenever debug code makes it into a production environment in a way that poses a risk to security or confidentiality.
Not enough to really hurt a business. Just enough to encourage following SOPs so their projects are built correctly before getting shipped out to customers.
Well, cool. (Score:2)
HP pre-installs a keylogger so I don't have to click on pr0n popups to get one installed. Just another customer service from HP. Yay.
HP and Synaptics should get out of software (Score:1)
Both HP and Synaptics should get out of the software business. Even if you ignore this flaw; the touchpad drivers installed on HP computers are so awful, unresponsive, glitchy, buggy, and unusable, it's no wonder Microsoft is slamming the hammer down with Precision Touchpad drivers.
Really? (Score:2)
What a bunch of FUD...
> an attacker with access to the computer could have enabled it to record what a user was typing
An attacker with access to the computer could just install a keylogger. This is a non-issue.
They don't need to break your crypto (Score:2)
if keyloggers are present on your system by default.
By extension, it should be simple to include a built in hardware keylogger into the guts of any keyboard. Simply type in a key sequence to bring up the log file.
I used to have a usb dongle that did this, don't see why it couldn't be wired directly into the keyboard itself. No way to find it without tearing apart the keyboard and knowing what to look for.
Re:repost? (Score:5, Informative)
isnt this a repost from May
Nope, this is a second keylogger. The one from May was in audio driver, this one is in the keyboard driver. Mentioned in the article -- have you read it before responding?
Re: (Score:2, Funny)
Perhaps it's in one of HP's libraries?
#include "stdkeylogger.h"
Re: (Score:1)