Peterborough Linux User Group (Canada) Forum

Linux & Android => Security and Privacy => Topic started by: ssfc72 on December 11, 2017, 06:19:24 PM

Title: HP Laptops keylogger found
Post by: ssfc72 on December 11, 2017, 06:19:24 PM
This BBC article talks about a keylogger that has been found pre-installed on a range of HP series of laptops.
The keylogger is in the driver software for the synapics touchpad.
The article also mentions that another keylogger was found earlier, in the sound driver for HP laptops.

The keylogger is off by default and could only be activated if someone had physical access to the laptop.

I suspect this security issue would only apply to the Windows OS of these computers and would not be an issue if your HP laptop is running a Linux Distro.

http://www.bbc.com/news/technology-42309371

Bill
Title: Re: HP Laptops keylogger found
Post by: fox on December 11, 2017, 07:23:36 PM
Whoa, that's pretty scary. Pre-installed meaning HP put it there? Can't they be sued?
Title: Re: HP Laptops keylogger found
Post by: Jason on December 12, 2017, 01:14:36 AM
Yes, I believe it affects only Windows software as the patches for it are all EXE files. It's possible they could be sued but it probably wasn't deliberate. The code in question was used for debugging purposes (i.e. for developer use) and should have been removed before being preinstalled but somebody forgot. The keylogger was disabled by default as Bill mentioned and could only be enabled with somebody with physical administrative access and a registry patch, though certainly, the right kind of malware could do this. If you have an HP using Windows and HP drivers, you should definitely patch now that it's known how it can be exploited.