Keylogger Discovered in HP NoteBook Keyboard Drivers

HP Notebook Drivers contains Keylogger vulnerability that can be abused by hackers and steal the user’s information which could be affected with hundred of HP Notebook model.

This critical vulnerability discovered in keyboard driver SynTP.sys HP Notebook computers and by default logging was disabled and we can enable by setting a registry value (UAC required).

Registry value:

HKLM\Software\Synaptics\%ProductName% HKLM\Software\Synaptics\%ProductName%\Default

The genuine SynTP.sys file is a software component of Synaptics Pointing Device by Synaptics.

Synaptics Pointing Devices enable touch sensitivity on devices such as laptops, touchscreens, and special keyboards. SynTP.sys is a system driver for the Synaptics Pointing Device.

Also Read: Beware!!keyloggers Discovered in more than 5,000 WordPress Websites

This flaw has been discovered by the reversing the SynTP.sy via IDA Disassembler and researchers noticed that there is many strings are presented in the disassembled code which contains an indication of the keylogger vulnerability.

According to Researcher, had to run some ETW capture software like MessageAnalyzer to read the trace but I couldn’t do that since I didn’t have HP laptop. The research were done by reading the code of SynTP.sys, I couldn’t verify if it’s correct or not.
I tried to find HP laptop for rent and asked a few communities about that but got almost no replies. One guy even thought that I am a thief trying to rob someone. So, I messaged HP about the finding.
They replied terrificly fast, confirmed the presence of the keylogger (which actually was a debug trace) and released an update that removes the trace.

This critical debug trace flaw leads to abuse the Registry key using malware by hackers and try to enable the keylogger behavior through bypassing the User Account Control (UAC) using many open source tools.

Researchers have been reported this critical vulnerability into HP and they consider it as Potential, local loss of confidentiality. Finally acknowledged and released a Driver update for all the affected HP Models.

“A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impact all Synaptics OEM partners. A party would need administrative privileges in order to take advantage of the vulnerability. Neither Synaptics nor HP has access to customer data as a result of this issue” HP said.

Keylogger Discovered in HP Notebook Keyboard Drivers

Supply Chain Attack Prevention

Follow Us on Google News

According to Researcher, had to run some ETW capture software like MessageAnalyzer to read the trace but I couldn’t do that since I didn’t have HP laptop. The research were done by reading the code of SynTP.sys, I couldn’t verify if it’s correct or not.

I tried to find HP laptop for rent and asked a few communities about that but got almost no replies. One guy even thought that I am a thief trying to rob someone. So, I messaged HP about the finding.

They replied terrificly fast, confirmed the presence of the keylogger (which actually was a debug trace) and released an update that removes the trace.

Latest articles

Ivanti Fully Patched Connect Secure RCE Vulnerability That Actively Exploited in the Wild

Beware! Weaponized Job Recruitment Emails Spreading BeaverTail and Tropidoor Malware

EncryptHub Ransomware Uncovered Through ChatGPT Use and OPSEC Failures

PoisonSeed Targets CRM and Bulk Email Providers in New Supply Chain Phishing Attack

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Discussion points

More like this

Vite Development Server Flaw Allows Attackers Bypass Path Restrictions

Critical Apache Parquet Vulnerability Allows Remote Code Execution

Halo ITSM Vulnerability Lets Attackers Inject Malicious SQL Code

How To Access Dark Web Anonymously and know its Secretive and Mysterious Activities

How to Build and Run a Security Operations Center (SOC Guide) – 2023

Network Penetration Testing Checklist – 2025