Deactivated Keylogger Found on Many HP Laptops

Last Edited: December 11, 2017 | Published: December 11, 2017 by

Deactivated Keylogger Found on Many HP Laptops

Attention all HP laptop owners. A deactivated keylogger has been found on over 460 HP laptops. While there is no immediate threat, you should update your system as soon as possible to remove it.

Researcher Michael Myng first found the deactivated keylogger after someone asked for help in controlling the keyboard backlight on their HP laptop. After more research, he found that it impacted many different HP laptops on the market. While this keylogger is deactivated, if someone with nefarious intentions were to discover it, they could exploit it to get a glimpse at everything you enter on your HP keyboard.

“Some time ago someone asked me if I can figure out how to control HP’s laptop keyboard backlight,” wrote Myng. “I asked for the keyboard driver SynTP.sys, opened it in IDA, and after some browsing noticed a few interesting strings.”

What did he find in these strings? He found what appeared to be a keylogger that had been deactivated, but was still present on the system. A keylogger is a type of potentially malicious software that can allow an attacker to record and read your keystrokes. This deactivated keylogger was found in a Synaptics Driver on many different HP computers.

The keylogger would prepare and send keystrokes to an unnamed target, leading Myng to believe he may have found something interesting, or worse, potentially serious. So what did he do? He contacted HP. Thankfully, HP responded pretty quickly.

“I tried to find HP laptop for rent and asked a few communities about that but got almost no replies,” he said. “One guy even thought that I am a thief trying to rob someone. So, I messaged HP about the finding. They replied terrifically fast, confirmed the presence of the keylogger (which actually was a debug trace) and released an update that removes the trace.”

So what was it? It was a debug trace that the company’s engineers used to track down bugs in the software before they release a laptop and its hardware into the wild. It looks like someone just forgot to get rid of it. I wouldn’t want to be that guy right about now. HP has already released a patch to get rid of it.

So what should you do? If you do own an HP laptop, I would check this list to see if your HP has this keylogger on it. If it does, then you can download a fix here. Remember, companies often use these types of keyloggers to track down problems and test their systems. However, these keyloggers are usually removed from the systems before they are mass produced and released to the general public. In this case, the removal wasn’t done. That left a deactivated, but potentially harmful keylogger on many different HP models. Luckily, HP responded to the potential threat and released a patch before anything bad could happen.

Do you have an HP laptop? If so, check the list and let us know if you are one of the ones affected. Don’t forget to download the patch and tell us how easy or difficult it was to patch your system so the rest of the world knows.

About the author

Matt Garrett

Matt is an IT professional with over fifteen years experience supporting network infrastructure and computers. An avid gamer, Matt enjoys his time playing and writing about his experiences both in the IT world and in the gaming communities. You can find more of his writing for LaptopNinja where he enjoys talking about everything tech.

See all posts from Matt Garrett