Hundreds of HP laptop models dating back to 2012 are affected by a potential vulnerability that could allow attackers to log keystrokes:
Hidden software that can record every letter typed on a computer keyboard has been discovered pre-installed on hundreds of HP laptop models. Security researcher Michael Myng found the keylogging code in software drivers preinstalled on HP laptops to make the keyboard work.
HP said more than 460 models of laptop were affected by the "potential security vulnerability". It has issued a software patch for its customers to remove the keylogger. The issue affects laptops in the EliteBook, ProBook, Pavilion and Envy ranges, among others. HP has issued a full list of affected devices, dating back to 2012. In a statement, the company said: "HP uses Synaptics' touchpads in some of its mobile PCs and has worked with Synaptics to provide fixes to their error for impacted HP systems, available via the security bulletin on HP.com."
(Score: 5, Informative) by meustrus on Tuesday December 12 2017, @04:37PM (3 children)
From the linked post by Michael Myng: [github.io]
If there isn't at least one reference or primary source, it's not +1 Informative. Maybe the underused +1 Interesting?
(Score: 2) by DannyB on Tuesday December 12 2017, @04:53PM (1 child)
So it's all okay then. Enabling the keylogger requires changing a registry setting with UAC required.
I wonder how technically feasible it is for anyone who controls Intel Management Engine to change this registry setting?
Of course, with Intel ME, one could probably implement a key logger completely outside of the OS or motherboard firmware.
People today are educated enough to repeat what they are taught but not to question what they are taught.
(Score: 3, Insightful) by Geezer on Tuesday December 12 2017, @06:08PM
Can you say, "NSA"?
Sure you can!
It's a beautiful day in the neighborhood....
(Score: 2) by frojack on Wednesday December 13 2017, @05:48AM
TFS seems to suggest HP was throwing Synaptics under the bus.
What's up with that?
No, you are mistaken. I've always had this sig.