Thursday, March 28, 2024

Keylogger Discovered in HP Notebook Keyboard Drivers

HP Notebook Drivers contains Keylogger vulnerability that can be abused by hackers and steal the user’s information which could be affected with hundred of HP Notebook model.

This critical vulnerability discovered in keyboard driver SynTP.sys HP Notebook computers and by default logging was disabled and we can enable by setting a registry value (UAC required).

Registry value:

HKLM\Software\Synaptics\%ProductName% HKLM\Software\Synaptics\%ProductName%\Default

The genuine SynTP.sys file is a software component of Synaptics Pointing Device by Synaptics.

Synaptics Pointing Devices enable touch sensitivity on devices such as laptops, touchscreens, and special keyboards. SynTP.sys is a system driver for the Synaptics Pointing Device.

Also Read: Beware!!keyloggers Discovered in more than 5,000 WordPress Websites

This flaw has been discovered by the reversing the SynTP.sy via IDA Disassembler and researchers noticed that there is many strings are presented in the disassembled code which contains an indication of the keylogger vulnerability.

According to Researcher, had to run some ETW capture software like MessageAnalyzer to read the trace but I couldn’t do that since I didn’t have HP laptop. The research were done by reading the code of SynTP.sys, I couldn’t verify if it’s correct or not.
I tried to find HP laptop for rent and asked a few communities about that but got almost no replies. One guy even thought that I am a thief trying to rob someone. So, I messaged HP about the finding.
They replied terrificly fast, confirmed the presence of the keylogger (which actually was a debug trace) and released an update that removes the trace.

This critical debug trace flaw leads to abuse the Registry key using malware by hackers and try to enable the keylogger behavior through bypassing the User Account Control (UAC) using many open source tools.

Researchers have been reported this critical vulnerability into HP and they consider it as Potential, local loss of confidentiality. Finally acknowledged and released a Driver update for all the affected HP Models.

“A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impact all Synaptics OEM partners. A party would need administrative privileges in order to take advantage of the vulnerability. Neither Synaptics nor HP has access to customer data as a result of this issue” HP said.

Website

Latest articles

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...

Beware of Free Android VPN Apps that Turn Your Device into Proxies

Cybersecurity experts have uncovered a cluster of Android VPN applications that covertly transform user...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles