Today we’re hearing out a rather worrying vulnerability in a large range of HP notebooks. Apparently, these notebooks came with a deactivated keylogger installed, which is enough to give pretty much anyone pause. The good news, however, is that HP has worked quickly in solving the issue, and beyond that, there’s little chance of anyone actually being affected by this vulnerability.
The issue was first reported by Michael Myng, as he stumbled upon the keylogger when someone asked him if he could figure out how to control the backlight to their HP keyboard. He took a look at the driver – which was made by Synaptics – and discovered the disabled keylogger as he was checking it out. Myng describes the whole process over on a blog post to Github.
Myng alerted HP, which he says responded “terrificly fast,” in confirming the presence of the keylogger. In the time since Myng reported the issue, HP has clarified the problem further over on its support site, noting that this was a problem with Synaptics touch pad drivers. HP also notes that this impacts all Synaptics OEM partners, so the vulnerability may not be limited to just HP’s lineup of notebooks.
Now for the good news: any unsavory people looking to take advantage of this vulnerability would need administrative privileges to your computer, so unless they were using your notebook in person, you’re probably okay. HP reassures that neither it nor Synaptics has access to any user data as the result of this problem, which is certainly another good thing to hear.
On that support page, HP has also listed updated drivers that fix the vulnerability for each affected device. The list is hundreds of entries long, so if you own an HP laptop, you’ll definitely want to make sure your Synaptics drivers are up-to-date. We’ll see if any other Synaptics OEM partners come forward with more about this vulnerability, so stay tuned for that.