ASUS GeForce RTX 2080 STRIX OC 8G review
Crucial BX500 480 GB SSD review
MSI GeForce RTX 2080 Ti DUKE review
Gigabyte GeForce RTX 2080 GAMING OC 8G review
MSI GeForce RTX 2080 Ti Gaming X TRIO review
Asus GeForce RTX 2080 Ti RoG Strix review
GeForce RTX 2080 Founders review
GeForce RTX 2080 Ti Founders review
HyperX Predator DDR4 RGB 32GB 2933 MHz review
Nvidia Turing GeForce 2080 (Ti) architecture review
HP Patched a keyboard driver that could be used as a keylogger
A keylogger was discovered by the keyboard driver of HP, and can potentially be abused by malware. The keylogger was found inside the driver of the Synaptics Touchpad, potentially affecting millions of users.
HP reports that for the vulnerability an attacker needs administrator rights to use it. Nearly 500 models laptops and desktop models are affected. HP responded quickly after reporting his findings to the company and said it was code that was left over during debugging.
The keylogger was disabled by default, a simple change in the Windows Registry could enable it. HP has released an update to remove the code from the driver. The update can be downloaded from HP’s website and through Windows Update. The HP website also has a list of affected laptop models. The list contains about 500 different models.
It’s the second time this year a keylogger was found on HP’s laptops, previously a keylogger was found in audio drivers used on HP devices.
JJayzX
Senior Member
Posts: 448
Joined: 2006-05-17
Senior Member
Posts: 448
Joined: 2006-05-17
#5500156 Posted on: 12/11/2017 08:16 PM
The driver isn't even a new driver, it's from August.
The driver isn't even a new driver, it's from August.
Size_Mick
Senior Member
Posts: 172
Joined: 2002-03-22
Senior Member
Posts: 172
Joined: 2002-03-22
#5500187 Posted on: 12/11/2017 09:19 PM
From what I've read elsewhere, this is a problem that may extend to *any* brand of laptop with Synaptics drivers. Which is a heck of a lot of laptops.
From what I've read elsewhere, this is a problem that may extend to *any* brand of laptop with Synaptics drivers. Which is a heck of a lot of laptops.
386SX
Senior Member
Posts: 253
Joined: 2017-06-26
Senior Member
Posts: 253
Joined: 2017-06-26
#5500362 Posted on: 12/12/2017 09:42 AM
It indeed seems it affects all notebooks with synaptics touchpad:
https://www.theregister.co.uk/2017/12/11/hp-synaptics-keylogger/
They say it is stored in "SynTP.sys", a file originating from (you may guess) Synaptics itself.
My best practice is to deny any program the access to the internet where I am sure there is no need to, for example those touchpad drivers (why would anyone need them to connect to somewhere, they are DRIVERS!!!111oneoneeleven1!1!
That is the only reason I still use a desktop firewall (in addition to my hardware based one), otherwise I would have no reason at all.
But to see a big OEM to include keyloggers in their own modified drivers is a thing I get mad of. I mean, we talk about HP right? HP is no "small backyard garage reparing computers", it is one of the biggest OEMs and therefore should take every precaution when testing their released drivers. They are "certified by HP" and you install them on your 1500 Euro notebook and your 2000 Euro workstation, so you would obviously think "if they are certified, they are safe". But even so obviously you are better off to download the uncertified ones from untrustworthy sources. Chances of "infection" are less than downloading from HP itself.
(Really, do the math: Download at HP, certified driver section = 100% chance to get a keylogger; download at chinahackerswilldestroyyourmachine.cn is statistically less!
)
Does anyone know if there is a driver release without keyloggers, even if they are "old" like two or three years? I really don't care, if they do not contain any malware.
It indeed seems it affects all notebooks with synaptics touchpad:
https://www.theregister.co.uk/2017/12/11/hp-synaptics-keylogger/
They say it is stored in "SynTP.sys", a file originating from (you may guess) Synaptics itself.
My best practice is to deny any program the access to the internet where I am sure there is no need to, for example those touchpad drivers (why would anyone need them to connect to somewhere, they are DRIVERS!!!111oneoneeleven1!1!
That is the only reason I still use a desktop firewall (in addition to my hardware based one), otherwise I would have no reason at all.
But to see a big OEM to include keyloggers in their own modified drivers is a thing I get mad of. I mean, we talk about HP right? HP is no "small backyard garage reparing computers", it is one of the biggest OEMs and therefore should take every precaution when testing their released drivers. They are "certified by HP" and you install them on your 1500 Euro notebook and your 2000 Euro workstation, so you would obviously think "if they are certified, they are safe". But even so obviously you are better off to download the uncertified ones from untrustworthy sources. Chances of "infection" are less than downloading from HP itself.
(Really, do the math: Download at HP, certified driver section = 100% chance to get a keylogger; download at chinahackerswilldestroyyourmachine.cn is statistically less!
)Does anyone know if there is a driver release without keyloggers, even if they are "old" like two or three years? I really don't care, if they do not contain any malware.
sverek
Senior Member
Posts: 4129
Joined: 2011-01-02
Senior Member
Posts: 4129
Joined: 2011-01-02
#5500363 Posted on: 12/12/2017 09:45 AM
Why keylogger even exists. It's just asking for trouble.
Why keylogger even exists. It's just asking for trouble.
schmidtbag
Senior Member
Posts: 3166
Joined: 2012-11-10
Senior Member
Posts: 3166
Joined: 2012-11-10
#5500519 Posted on: 12/12/2017 05:14 PM
To me, the fact you need a 3rd party driver for a basic input device is enough of a red flag to me. I wish companies would keep their crappy bloatware out of my user experience. Though, this is usually why if I use Windows, I just do a fresh OEM install.
Keyloggers pretty much always exist specifically to cause trouble. The driver isn't "intentionally" a keylogger, though.
To me, the fact you need a 3rd party driver for a basic input device is enough of a red flag to me. I wish companies would keep their crappy bloatware out of my user experience. Though, this is usually why if I use Windows, I just do a fresh OEM install.
Why keylogger even exists. It's just asking for trouble.
Keyloggers pretty much always exist specifically to cause trouble. The driver isn't "intentionally" a keylogger, though.
JJayzX
Senior Member
Posts: 448
Joined: 2006-05-17
Senior Member
Posts: 448
Joined: 2006-05-17
#5500736 Posted on: 12/13/2017 02:42 AM
To me, the fact you need a 3rd party driver for a basic input device is enough of a red flag to me. I wish companies would keep their crappy bloatware out of my user experience. Though, this is usually why if I use Windows, I just do a fresh OEM install.
Keyloggers pretty much always exist specifically to cause trouble. The driver isn't "intentionally" a keylogger, though.
So what driver would you use for touchpad? synaptics have been the touchpad providers for many years. These drivers aren't bloatware so a fresh windows install would do nothing in this case but I do the same thing.
To me, the fact you need a 3rd party driver for a basic input device is enough of a red flag to me. I wish companies would keep their crappy bloatware out of my user experience. Though, this is usually why if I use Windows, I just do a fresh OEM install.
Keyloggers pretty much always exist specifically to cause trouble. The driver isn't "intentionally" a keylogger, though.
So what driver would you use for touchpad? synaptics have been the touchpad providers for many years. These drivers aren't bloatware so a fresh windows install would do nothing in this case but I do the same thing.
schmidtbag
Senior Member
Posts: 3166
Joined: 2012-11-10
Senior Member
Posts: 3166
Joined: 2012-11-10
#5500741 Posted on: 12/13/2017 02:58 AM
Actually, Windows comes with functioning drivers for Synaptic touchpads and pretty much always has. You might not get things like multi-touch functions or palm sensing but otherwise they're perfectly usable without having to install anything extra at all, and there are no additional background processes involved. I don't ever recall a point where the touchpad didn't work out-of-the-box using any version of Windows going as far back as Windows 95 (I never used a laptop with 3.1).
So what driver would you use for touchpad? synaptics have been the touchpad providers for many years. These drivers aren't bloatware so a fresh windows install would do nothing in this case but I do the same thing.
Actually, Windows comes with functioning drivers for Synaptic touchpads and pretty much always has. You might not get things like multi-touch functions or palm sensing but otherwise they're perfectly usable without having to install anything extra at all, and there are no additional background processes involved. I don't ever recall a point where the touchpad didn't work out-of-the-box using any version of Windows going as far back as Windows 95 (I never used a laptop with 3.1).
Click here to post a comment for this news story on the message forum.
Senior Member
Posts: 2254
Joined: 2011-11-24
Someone should tell them how to use #ifdef.