Welcome, Guest. Please login or register.

Login with username, password and session length

 
Advanced search

1092751 Posts in 72323 Topics- by 19429 Members - Latest Member: 17williarw
Jump to:  
The Trombone ForumHorns, Gear, and EquipmentTechnology(Moderator: john sandhagen) HP laptops found to have hidden keylogger
Pages: [1]   Go Down
Print
Author Topic: HP laptops found to have hidden keylogger  (Read 655 times)
0 Members and 1 Guest are viewing this topic.
robcat2075

*
Offline Offline

Location: Dallas, Texas
Joined: Apr 19, 2009
Posts: 6635

View Profile
« on: Dec 11, 2017, 09:24AM »

wow....

HP laptops found to have hidden keylogger

Quote
Hidden software that can record every letter typed on a computer keyboard has been discovered pre-installed on hundreds of HP laptop models.

Security researcher Michael Myng found the keylogging code in software drivers preinstalled on HP laptops to make the keyboard work.

HP said more than 460 models of laptop were affected by the "potential security vulnerability".

Second time for HP..

Quote
In May, a similar keylogger was discovered in the audio drivers pre-installed on several HP laptop models.

At the time, the company said the keylogger code had been mistakenly added to the software.


Someone on the inside has to be doing that intentionally, right?
Logged

Robert Holmén

Hear me as I Play My Horn


Get your Popper, Dotzauer, or Kummer play-alongs!
Quiros

*
*
Offline Offline

Location: Alabama
Joined: Feb 16, 2016
Posts: 114

View Profile
« Reply #1 on: Dec 11, 2017, 11:33AM »

That's just great. Our company recently switched from Dell to HP laptops and I was one of the first recipients of an HP. I see my model number on there.
Logged

I just enjoy playing!
M&W 929 dependent bass
King 3BF Silversonic
B&H Imperial E-flat tuba
Ellrod

*
Offline Offline

Location: North
Joined: Oct 30, 2001
Posts: 6475

View Profile
« Reply #2 on: Dec 11, 2017, 11:41AM »

Is there a good business reason for this?
Logged
Matt K

*
*
Offline Offline

Location:
Joined: May 6, 2010
Posts: 7252

View Profile
« Reply #3 on: Dec 11, 2017, 11:59AM »

Well, its disabled by default according to the article.  It would take someone to be able to gain access and knowingly activate it. If they had that kind of access, they could also install a keylogger faairly easilyi so its probably not a huge deal.
Logged

What's in a name? that which we call a tenor-bass posaune
By any other name would smell as sweet;
BGuttman
Mad Chemist

*
*
Offline Offline

Location: Londonderry, NH, USA
Joined: Dec 12, 2000
Posts: 51526
"Almost Professional"


View Profile
« Reply #4 on: Dec 11, 2017, 12:06PM »

Wonder if it still works if I take my HP drive out of an HP computer, put it in another brand, and let it configure to the new brand's drivers?  Then again, it's a Lenovo and it probably has some more sneaky worms anyway.
Logged

Bruce Guttman
Solo Trombone, Hollis Town Band
Merrimack Valley Philharmonic Orch. President 2017-2018
John Beers Jr.

*
Offline Offline

Location: Houston, TX
Joined: Dec 8, 2002
Posts: 3548

View Profile
« Reply #5 on: Dec 11, 2017, 12:15PM »

Is there a good business reason for this?

Remember the beating that Apple took for refusing/being unable to unlock the San Bernardino terrorists' phones? That indicates public perception of end-to-end encryption, the "dark web", etc. "If you have nothing to hide, you have nothing to fear".

I'm sure someone at HP made the business decision that "Well, security nerds aren't buying our products anyway, and we have like 10 competitors doing the same thing for the same price. If we're involved in a major scandal like that, we'll never recover, and, if this ever comes out, only 10% of our potential buyers will even care".

I mean, it's still stupid and the costs overweigh the benefits, but it's not like it's without ANY merit.
Logged

"Progress is just another word for making bad things happen faster" - Granny Weatherwax
Matt K

*
*
Offline Offline

Location:
Joined: May 6, 2010
Posts: 7252

View Profile
« Reply #6 on: Dec 11, 2017, 12:28PM »

Remember the beating that Apple took for refusing/being unable to unlock the San Bernardino terrorists' phones? That indicates public perception of end-to-end encryption, the "dark web", etc. "If you have nothing to hide, you have nothing to fear".

I'm sure someone at HP made the business decision that "Well, security nerds aren't buying our products anyway, and we have like 10 competitors doing the same thing for the same price. If we're involved in a major scandal like that, we'll never recover, and, if this ever comes out, only 10% of our potential buyers will even care".

I mean, it's still stupid and the costs overweigh the benefits, but it's not like it's without ANY merit.

Comparing to Apple products, this seems much closer to the massive bug in their products from like iOS 5 -> 7 that was eventually patched that prevented anything being sent over SSL. Although in that case it wasn't for development purposes.  Its not difficult to leave something in code that would otherwise be used for debugging.

Wonder if it still works if I take my HP drive out of an HP computer, put it in another brand, and let it configure to the new brand's drivers?  Then again, it's a Lenovo and it probably has some more sneaky worms anyway.

Windows licensing issues aside, you'd still have the driver installed if you did that.  All you have to do is uninstall the keyboard driver.  Installing a Lenovo driver... might(?) work, but you don't need to switch anything out to try it. Though make sure you have another keyboard because as soon as you unstall the driver, it sounds like the trackpad and keyboard will stop functioning.
Logged

What's in a name? that which we call a tenor-bass posaune
By any other name would smell as sweet;
BGuttman
Mad Chemist

*
*
Offline Offline

Location: Londonderry, NH, USA
Joined: Dec 12, 2000
Posts: 51526
"Almost Professional"


View Profile
« Reply #7 on: Dec 11, 2017, 12:42PM »

Didn't have any licensing issues -- the new box came with a Windows 7 COA and it authorized just fine.
Logged

Bruce Guttman
Solo Trombone, Hollis Town Band
Merrimack Valley Philharmonic Orch. President 2017-2018
fsung
*
Offline Offline

Location:
Joined: Oct 3, 2007
Posts: 391

View Profile
« Reply #8 on: Dec 11, 2017, 02:14PM »

Its not difficult to leave something in code that would otherwise be used for debugging.

This.

Although the fact that it was left in there does raise the questions of whether the code was stuck in there by HP, or if Synaptics included it in the basic driver package to assist mfgs in customizing the driver to work with their hardware, and if the latter, which other mfg's laptops are similarly vulnerable?

BTW ... [spelling nazi]It's.[/spelling nazi].  :D
Logged
robcat2075

*
Offline Offline

Location: Dallas, Texas
Joined: Apr 19, 2009
Posts: 6635

View Profile
« Reply #9 on: Dec 11, 2017, 05:10PM »

What do you do with a keylogger in an audio driver?
Logged

Robert Holmén

Hear me as I Play My Horn


Get your Popper, Dotzauer, or Kummer play-alongs!
Matt K

*
*
Offline Offline

Location:
Joined: May 6, 2010
Posts: 7252

View Profile
« Reply #10 on: Dec 11, 2017, 05:35PM »

Didn't have any licensing issues -- the new box came with a Windows 7 COA and it authorized just fine.

Yeah but when you put a system drive in another PC, or even the same PC with a different motherboard, Windows treats it as a new machine and requires you to re-regster. OEM installs in particular have some thorny licensing where suddenly windows decides it isn't active anymore and you have to go through calling up MS and explaining what you did and having them sort out the licensing issue. 


BTW ... [spelling nazi]It's.[/spelling nazi].  :D


Yeah, I need to disable autocorrect. I have no idea why it decides to do the things it does!  My favorite is the correction from "we'll" to "well".  Like I accidentally left an extra apostrophe in there on accident or something???

What do you do with a keylogger in an audio driver?

Its possible they have a generic debugging script they use in development that includes any tool they might need, whether it gets used in a particular project or not. Might also have been used to determine if there was interference with the "fn" set of keys for the volume up and down buttons. Logging keys is usually, at most, 3 or 4 lines of code.  It wouldn't surprise me if 75% of the applications one has one their machine has something that could be called a keylogger. The hard part is figuring out what is malicious. 

For example, you every see the "click here to verify your humanity" capthcas?  Those work by checking your browser for imprecise mouse motions, random keypresses, etc. within the last n seconds or minutes of browser activity. Keylogger or useful feature?  Both, really. Your browser logs that activity and sends it somewhere remotely. Its just that the data is used for something you find useful and not something malicious (well, probably  Evil).

Now if this driver were sending megabytes of information per day to some server at HP... yeah that would be... suspect. But merely having the opportunity to do so is not quite the same.
Logged

What's in a name? that which we call a tenor-bass posaune
By any other name would smell as sweet;
Todd Jonz
Department of Redundancy Department

*
Offline Offline

Location: Vermont
Joined: Sep 13, 2003
Posts: 3667
"Do not taunt Happy Fun Ball."


View Profile
« Reply #11 on: Dec 12, 2017, 10:02AM »


robcat2075 asks:

> What do you do with a keylogger in an audio driver?

Debug the API that supports system-level keyboard-based (including macros, keyboard remapping, etc.) audio controls.


Logged

Have you registered at TromboneChat.com yet?
Pages: [1]   Go Up
Print
Jump to: