HP laptops found to have hidden keylogger
-
- Posts: 0
- Joined: Sat Mar 31, 2018 11:58 am
HP laptops found to have hidden keylogger
wow....
HP laptops found to have hidden keylogger
QuoteHidden software that can record every letter typed on a computer keyboard has been discovered pre-installed on hundreds of HP laptop models.
Security researcher Michael Myng found the keylogging code in software drivers preinstalled on HP laptops to make the keyboard work.
HP said more than 460 models of laptop were affected by the "potential security vulnerability".
Second time for HP..
QuoteIn May, a similar keylogger was discovered in the audio drivers pre-installed on several HP laptop models.
At the time, the company said the keylogger code had been mistakenly added to the software.
Someone on the inside has to be doing that intentionally, right?
HP laptops found to have hidden keylogger
QuoteHidden software that can record every letter typed on a computer keyboard has been discovered pre-installed on hundreds of HP laptop models.
Security researcher Michael Myng found the keylogging code in software drivers preinstalled on HP laptops to make the keyboard work.
HP said more than 460 models of laptop were affected by the "potential security vulnerability".
Second time for HP..
QuoteIn May, a similar keylogger was discovered in the audio drivers pre-installed on several HP laptop models.
At the time, the company said the keylogger code had been mistakenly added to the software.
Someone on the inside has to be doing that intentionally, right?
-
- Posts: 0
- Joined: Sat Mar 31, 2018 12:42 pm
HP laptops found to have hidden keylogger
That's just great. Our company recently switched from Dell to HP laptops and I was one of the first recipients of an HP. I see my model number on there.
-
- Posts: 0
- Joined: Sat Mar 31, 2018 11:58 am
HP laptops found to have hidden keylogger
Is there a good business reason for this?
-
- Posts: 0
- Joined: Sat Mar 31, 2018 11:53 am
HP laptops found to have hidden keylogger
Well, its disabled by default according to the article. It would take someone to be able to gain access and knowingly activate it. If they had that kind of access, they could also install a keylogger faairly easilyi so its probably not a huge deal.
-
- Posts: 0
- Joined: Sat Mar 31, 2018 12:15 pm
HP laptops found to have hidden keylogger
Wonder if it still works if I take my HP drive out of an HP computer, put it in another brand, and let it configure to the new brand's drivers? Then again, it's a Lenovo and it probably has some more sneaky worms anyway.
-
- Posts: 0
- Joined: Sat Mar 31, 2018 11:58 am
HP laptops found to have hidden keylogger
Quote from: Ellrod on Dec 11, 2017, 11:41AMIs there a good business reason for this?
Remember the beating that Apple took for refusing/being unable to unlock the San Bernardino terrorists' phones? That indicates public perception of end-to-end encryption, the "dark web", etc. "If you have nothing to hide, you have nothing to fear".
I'm sure someone at HP made the business decision that "Well, security nerds aren't buying our products anyway, and we have like 10 competitors doing the same thing for the same price. If we're involved in a major scandal like that, we'll never recover, and, if this ever comes out, only 10% of our potential buyers will even care".
I mean, it's still stupid and the costs overweigh the benefits, but it's not like it's without ANY merit.
Remember the beating that Apple took for refusing/being unable to unlock the San Bernardino terrorists' phones? That indicates public perception of end-to-end encryption, the "dark web", etc. "If you have nothing to hide, you have nothing to fear".
I'm sure someone at HP made the business decision that "Well, security nerds aren't buying our products anyway, and we have like 10 competitors doing the same thing for the same price. If we're involved in a major scandal like that, we'll never recover, and, if this ever comes out, only 10% of our potential buyers will even care".
I mean, it's still stupid and the costs overweigh the benefits, but it's not like it's without ANY merit.
-
- Posts: 0
- Joined: Sat Mar 31, 2018 11:53 am
HP laptops found to have hidden keylogger
Quote from: John Beers Jr. on Dec 11, 2017, 12:15PMRemember the beating that Apple took for refusing/being unable to unlock the San Bernardino terrorists' phones? That indicates public perception of end-to-end encryption, the "dark web", etc. "If you have nothing to hide, you have nothing to fear".
I'm sure someone at HP made the business decision that "Well, security nerds aren't buying our products anyway, and we have like 10 competitors doing the same thing for the same price. If we're involved in a major scandal like that, we'll never recover, and, if this ever comes out, only 10% of our potential buyers will even care".
I mean, it's still stupid and the costs overweigh the benefits, but it's not like it's without ANY merit.
Comparing to Apple products, this seems much closer to the massive bug in their products from like iOS 5 -> 7 that was eventually patched that prevented anything being sent over SSL. Although in that case it wasn't for development purposes. Its not difficult to leave something in code that would otherwise be used for debugging.
Quote from: BGuttman on Dec 11, 2017, 12:06PMWonder if it still works if I take my HP drive out of an HP computer, put it in another brand, and let it configure to the new brand's drivers? Then again, it's a Lenovo and it probably has some more sneaky worms anyway.
Windows licensing issues aside, you'd still have the driver installed if you did that. All you have to do is uninstall the keyboard driver. Installing a Lenovo driver... might(?) work, but you don't need to switch anything out to try it. Though make sure you have another keyboard because as soon as you unstall the driver, it sounds like the trackpad and keyboard will stop functioning.
I'm sure someone at HP made the business decision that "Well, security nerds aren't buying our products anyway, and we have like 10 competitors doing the same thing for the same price. If we're involved in a major scandal like that, we'll never recover, and, if this ever comes out, only 10% of our potential buyers will even care".
I mean, it's still stupid and the costs overweigh the benefits, but it's not like it's without ANY merit.
Comparing to Apple products, this seems much closer to the massive bug in their products from like iOS 5 -> 7 that was eventually patched that prevented anything being sent over SSL. Although in that case it wasn't for development purposes. Its not difficult to leave something in code that would otherwise be used for debugging.
Quote from: BGuttman on Dec 11, 2017, 12:06PMWonder if it still works if I take my HP drive out of an HP computer, put it in another brand, and let it configure to the new brand's drivers? Then again, it's a Lenovo and it probably has some more sneaky worms anyway.
Windows licensing issues aside, you'd still have the driver installed if you did that. All you have to do is uninstall the keyboard driver. Installing a Lenovo driver... might(?) work, but you don't need to switch anything out to try it. Though make sure you have another keyboard because as soon as you unstall the driver, it sounds like the trackpad and keyboard will stop functioning.
-
- Posts: 0
- Joined: Sat Mar 31, 2018 12:15 pm
HP laptops found to have hidden keylogger
Didn't have any licensing issues -- the new box came with a Windows 7 COA and it authorized just fine.
-
- Posts: 0
- Joined: Sat Mar 31, 2018 12:01 pm
HP laptops found to have hidden keylogger
Quote from: Matt K on Dec 11, 2017, 12:28PMIts not difficult to leave something in code that would otherwise be used for debugging.
This.
Although the fact that it was left in there does raise the questions of whether the code was stuck in there by HP, or if Synaptics included it in the basic driver package to assist mfgs in customizing the driver to work with their hardware, and if the latter, which other mfg's laptops are similarly vulnerable?
BTW ... [spelling nazi]It's.[/spelling nazi].
This.
Although the fact that it was left in there does raise the questions of whether the code was stuck in there by HP, or if Synaptics included it in the basic driver package to assist mfgs in customizing the driver to work with their hardware, and if the latter, which other mfg's laptops are similarly vulnerable?
BTW ... [spelling nazi]It's.[/spelling nazi].
-
- Posts: 0
- Joined: Sat Mar 31, 2018 11:58 am
HP laptops found to have hidden keylogger
What do you do with a keylogger in an audio driver?
-
- Posts: 0
- Joined: Sat Mar 31, 2018 11:53 am
HP laptops found to have hidden keylogger
Quote from: BGuttman on Dec 11, 2017, 12:42PMDidn't have any licensing issues -- the new box came with a Windows 7 COA and it authorized just fine.
Yeah but when you put a system drive in another PC, or even the same PC with a different motherboard, Windows treats it as a new machine and requires you to re-regster. OEM installs in particular have some thorny licensing where suddenly windows decides it isn't active anymore and you have to go through calling up MS and explaining what you did and having them sort out the licensing issue.
Quote from: fsung on Dec 11, 2017, 02:14PM
BTW ... [spelling nazi]It's.[/spelling nazi].
Yeah, I need to disable autocorrect. I have no idea why it decides to do the things it does! My favorite is the correction from "we'll" to "well". Like I accidentally left an extra apostrophe in there on accident or something???
Quote from: robcat2075 on Dec 11, 2017, 05:10PMWhat do you do with a keylogger in an audio driver?
Its possible they have a generic debugging script they use in development that includes any tool they might need, whether it gets used in a particular project or not. Might also have been used to determine if there was interference with the "fn" set of keys for the volume up and down buttons. Logging keys is usually, at most, 3 or 4 lines of code. It wouldn't surprise me if 75% of the applications one has one their machine has something that could be called a keylogger. The hard part is figuring out what is malicious.
For example, you every see the "click here to verify your humanity" capthcas? Those work by checking your browser for imprecise mouse motions, random keypresses, etc. within the last n seconds or minutes of browser activity. Keylogger or useful feature? Both, really. Your browser logs that activity and sends it somewhere remotely. Its just that the data is used for something you find useful and not something malicious (well, probably ).
Now if this driver were sending megabytes of information per day to some server at HP... yeah that would be... suspect. But merely having the opportunity to do so is not quite the same.
Yeah but when you put a system drive in another PC, or even the same PC with a different motherboard, Windows treats it as a new machine and requires you to re-regster. OEM installs in particular have some thorny licensing where suddenly windows decides it isn't active anymore and you have to go through calling up MS and explaining what you did and having them sort out the licensing issue.
Quote from: fsung on Dec 11, 2017, 02:14PM
BTW ... [spelling nazi]It's.[/spelling nazi].
Yeah, I need to disable autocorrect. I have no idea why it decides to do the things it does! My favorite is the correction from "we'll" to "well". Like I accidentally left an extra apostrophe in there on accident or something???
Quote from: robcat2075 on Dec 11, 2017, 05:10PMWhat do you do with a keylogger in an audio driver?
Its possible they have a generic debugging script they use in development that includes any tool they might need, whether it gets used in a particular project or not. Might also have been used to determine if there was interference with the "fn" set of keys for the volume up and down buttons. Logging keys is usually, at most, 3 or 4 lines of code. It wouldn't surprise me if 75% of the applications one has one their machine has something that could be called a keylogger. The hard part is figuring out what is malicious.
For example, you every see the "click here to verify your humanity" capthcas? Those work by checking your browser for imprecise mouse motions, random keypresses, etc. within the last n seconds or minutes of browser activity. Keylogger or useful feature? Both, really. Your browser logs that activity and sends it somewhere remotely. Its just that the data is used for something you find useful and not something malicious (well, probably ).
Now if this driver were sending megabytes of information per day to some server at HP... yeah that would be... suspect. But merely having the opportunity to do so is not quite the same.
-
- Posts: 0
- Joined: Sat Mar 31, 2018 11:53 am
HP laptops found to have hidden keylogger
robcat2075 asks:
> What do you do with a keylogger in an audio driver?
Debug the API that supports system-level keyboard-based (including macros, keyboard remapping, etc.) audio controls.
-
- Posts: 0
- Joined: Sat Mar 31, 2018 11:53 am
HP laptops found to have hidden keylogger
robcat2075 asks:
> What do you do with a keylogger in an audio driver?
Debug the API that supports system-level keyboard-based (including macros, keyboard remapping, etc.) audio controls.