For the second time this year, HP has had to create a patch for its laptops, after a security researcher found a driver-level keylogger – and this time, customers might have to check their own products, even if they’re not made by HP.

The keylogging code, a debug trace, was in the Synaptics Touchpad driver used almost across the board in HP laptops. It is turned off by default, but a registry entry could turn it on. Apparently, home and office users are likely to turn it on, and it would be a tasty exploit for RAT (remote access trojan) herders.

The bug was disclosed by “ZwClose”, who was looking through the driver to see if they could adjust the backlighting of HP laptop keyboards.

More digging showed that the driver “saved scan codes to a Windows software trace preprocessor.”

HP acknowledged the issue, and issued updates for more than 173 commercial products and over 293 consumer products.

ZwClose wrote that a fix would also land in Windows Update.

Consumer items still awaiting a fix include eight HP Envy variants, an HP Stream series, as well as an HP x360 11 convertible.

HP’s advisory stated that the vulnerability “impacts all Synaptics OEM partners”, so we can expect a rash of driver updates to be released in the future.

Back in May 2017, security researchers from Swiss outfit Modzero found a keylogger in HP laptops’ Conexant audio drivers. As with the latest discovery, the logging was in debugging code the developers forgot to remove from production models.
