Monday, February 10, 2025
HomeCVE/vulnerabilityKeylogger Discovered in HP Notebook Keyboard Drivers

Keylogger Discovered in HP Notebook Keyboard Drivers

Published on

SIEM as a Service

Follow Us on Google News

HP Notebook Drivers contains Keylogger vulnerability that can be abused by hackers and steal the user’s information which could be affected with hundred of HP Notebook model.

This critical vulnerability discovered in keyboard driver SynTP.sys HP Notebook computers and by default logging was disabled and we can enable by setting a registry value (UAC required).

Registry value:

HKLM\Software\Synaptics\%ProductName% HKLM\Software\Synaptics\%ProductName%\Default

The genuine SynTP.sys file is a software component of Synaptics Pointing Device by Synaptics.

Synaptics Pointing Devices enable touch sensitivity on devices such as laptops, touchscreens, and special keyboards. SynTP.sys is a system driver for the Synaptics Pointing Device.

Also Read: Beware!!keyloggers Discovered in more than 5,000 WordPress Websites

This flaw has been discovered by the reversing the SynTP.sy via IDA Disassembler and researchers noticed that there is many strings are presented in the disassembled code which contains an indication of the keylogger vulnerability.

According to Researcher, had to run some ETW capture software like MessageAnalyzer to read the trace but I couldn’t do that since I didn’t have HP laptop. The research were done by reading the code of SynTP.sys, I couldn’t verify if it’s correct or not.
I tried to find HP laptop for rent and asked a few communities about that but got almost no replies. One guy even thought that I am a thief trying to rob someone. So, I messaged HP about the finding.
They replied terrificly fast, confirmed the presence of the keylogger (which actually was a debug trace) and released an update that removes the trace.

This critical debug trace flaw leads to abuse the Registry key using malware by hackers and try to enable the keylogger behavior through bypassing the User Account Control (UAC) using many open source tools.

Researchers have been reported this critical vulnerability into HP and they consider it as Potential, local loss of confidentiality. Finally acknowledged and released a Driver update for all the affected HP Models.

“A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impact all Synaptics OEM partners. A party would need administrative privileges in order to take advantage of the vulnerability. Neither Synaptics nor HP has access to customer data as a result of this issue” HP said.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

NetSupport RAT Grant Attackers Full Access to Victims Systems

The eSentire Threat Response Unit (TRU) has reported a significant rise in incidents involving...

Quishing via QR Codes Emerging as a Top Attack Vector Used by Hackers

QR codes, once a symbol of convenience and security in digital interactions, have become...

New ‘BYOTB’ Attack Exploits Trusted Binaries to Evade Detection, Researchers Reveal

A recent cybersecurity presentation at BSides London 2024 has unveiled a sophisticated attack technique...

SAML Bypass Authentication on GitHub Enterprise Servers to Login as Other User Account

A severe security vulnerability, tracked as CVE-2025-23369, has been identified in GitHub Enterprise Server...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Marvel Game Vulnerability Exposes PCs & PS5s to Remote Takeover Attacks

A severe security vulnerability has been uncovered in the popular video game Marvel Rivals, raising...

Critical Zimbra Flaws Allow Attackers to Gain Unauthorized Access to Sensitive Data

Serious vulnerabilities in Zimbra Collaboration Suite (ZCS), a popular enterprise email and collaboration platform,...

Hackers Exploit AnyDesk Vulnerability to Gain Admin Access – PoC Released

A newly discovered vulnerability in AnyDesk, the popular remote desktop software, has sparked serious...