Tuesday, June 25, 2024

Keylogger Discovered in HP Notebook Keyboard Drivers

HP notebook keyboard drivers contain a keylogger vulnerability that attackers could abuse to steal user information; hundreds of HP notebook models could be affected.

This critical vulnerability was discovered in the keyboard driver SynTP.sys on HP notebook computers. Logging is disabled by default and can be enabled by setting a registry value (UAC required).

Registry value:

HKLM\Software\Synaptics\%ProductName%
HKLM\Software\Synaptics\%ProductName%\Default

The genuine SynTP.sys file is a software component of Synaptics Pointing Device by Synaptics.

Synaptics Pointing Devices enable touch sensitivity on devices such as laptops, touchscreens, and special keyboards. SynTP.sys is a system driver for the Synaptics Pointing Device.


The flaw was discovered by reversing SynTP.sys in the IDA disassembler; the researchers noticed many strings in the disassembled code that indicated the keylogger vulnerability.

According to the researcher: “I had to run some ETW capture software like MessageAnalyzer to read the trace, but I couldn’t do that since I didn’t have an HP laptop. The research was done by reading the code of SynTP.sys; I couldn’t verify if it’s correct or not.
I tried to find an HP laptop for rent and asked a few communities about that but got almost no replies. One guy even thought that I am a thief trying to rob someone. So, I messaged HP about the finding.
They replied terrifically fast, confirmed the presence of the keylogger (which actually was a debug trace) and released an update that removes the trace.”

Malware could abuse this debug trace by setting the registry value to enable the keylogging behavior, bypassing User Account Control (UAC) with any of the many open source tools available.

The researchers reported this critical vulnerability to HP, which rated it as a potential, local loss of confidentiality. HP acknowledged the issue and released a driver update for all affected HP models.

“A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impact all Synaptics OEM partners. A party would need administrative privileges in order to take advantage of the vulnerability. Neither Synaptics nor HP has access to customer data as a result of this issue” HP said.
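A defender's audit of the registry locations and driver file named above, as an added example that is not from the original article, HP or Synaptics. The article does not name the value that enables the trace, so the script lists every value under both key paths and diffs them against a baseline; the baseline file location is an assumption.

```powershell
# Added audit example. Key paths and driver name come from the article;
# the baseline file location is a hypothetical choice.
$root     = 'HKLM:\Software\Synaptics'
$driver   = Join-Path $env:SystemRoot 'System32\drivers\SynTP.sys'
$baseline = Join-Path $env:ProgramData 'synaptics-key-baseline.json'  # assumption

function Get-SynapticsKeyValues {
    param([string]$Root)
    if (-not (Test-Path $Root)) { return }
    # Each subkey of Synaptics stands for %ProductName% in the article.
    foreach ($product in Get-ChildItem -Path $Root -ErrorAction SilentlyContinue) {
        foreach ($path in @($product.PSPath, "$($product.PSPath)\Default")) {
            if (-not (Test-Path $path)) { continue }
            $key = Get-Item -Path $path
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{
                    Key   = $key.Name
                    Value = $name
                    Kind  = [string]$key.GetValueKind($name)
                    Data  = ($key.GetValue($name) -join ',')
                }
            }
        }
    }
}

$current = @(Get-SynapticsKeyValues -Root $root)
$current | Sort-Object Key, Value | Format-Table -AutoSize

# Report the installed driver build and its signature to confirm the update landed.
if (Test-Path $driver) {
    $sig = Get-AuthenticodeSignature -FilePath $driver
    [pscustomobject]@{
        File        = $driver
        FileVersion = (Get-Item $driver).VersionInfo.FileVersion
        Signer      = $sig.SignerCertificate.Subject
        Signature   = $sig.Status
    } | Format-List
}

# First run records a baseline; later runs show values added, removed or changed.
if (-not (Test-Path $baseline)) {
    ConvertTo-Json -InputObject $current | Set-Content -Path $baseline
} else {
    $old = @(Get-Content $baseline -Raw | ConvertFrom-Json)
    if ($old.Count -and $current.Count) {
        Compare-Object $old $current -Property Key, Value, Kind, Data | Format-Table -AutoSize
    } elseif ($old.Count -ne $current.Count) {
        Write-Warning "Synaptics key values differ from baseline: $($old.Count) then, $($current.Count) now"
    }
}
```

Reading the keys needs no elevation, but writing the baseline under ProgramData may; compare the reported FileVersion against the fixed version listed in the vendor's advisory for the specific model.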

Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
