HP Patched a keyboard driver that could be used as a keylogger
Click here to post a comment for HP Patched a keyboard driver that could be used as a keylogger on our message forum
RealNC
Someone should tell them how to use #ifdef.
JJayzX
The driver isn't even a new driver, it's from August.
Size_Mick
From what I've read elsewhere, this is a problem that may extend to *any* brand of laptop with Synaptics drivers. Which is a heck of a lot of laptops.
386SX
It indeed seems it affects all notebooks with synaptics touchpad:
https://www.theregister.co.uk/2017/12/11/hp_synaptics_keylogger/
They say it is stored in "SynTP.sys", a file originating from (you may guess) Synaptics itself.
My best practice is to deny any program the access to the internet where I am sure there is no need to, for example those touchpad drivers (why would anyone need them to connect to somewhere, they are DRIVERS!!!111oneoneeleven1!1!
That is the only reason I still use a desktop firewall (in addition to my hardware based one), otherwise I would have no reason at all.
But to see a big OEM to include keyloggers in their own modified drivers is a thing I get mad of. I mean, we talk about HP right? HP is no "small backyard garage reparing computers", it is one of the biggest OEMs and therefore should take every precaution when testing their released drivers. They are "certified by HP" and you install them on your 1500 Euro notebook and your 2000 Euro workstation, so you would obviously think "if they are certified, they are safe". But even so obviously you are better off to download the uncertified ones from untrustworthy sources. Chances of "infection" are less than downloading from HP itself.
(Really, do the math: Download at HP, certified driver section = 100% chance to get a keylogger; download at chinahackerswilldestroyyourmachine.cn is statistically less! :-P)
Does anyone know if there is a driver release without keyloggers, even if they are "old" like two or three years? I really don't care, if they do not contain any malware.
sverek
Why keylogger even exists. It's just asking for trouble.
schmidtbag
To me, the fact you need a 3rd party driver for a basic input device is enough of a red flag to me. I wish companies would keep their crappy bloatware out of my user experience. Though, this is usually why if I use Windows, I just do a fresh OEM install.
Keyloggers pretty much always exist specifically to cause trouble. The driver isn't "intentionally" a keylogger, though.
JJayzX
schmidtbag