Hundreds of HP laptop models dating back to 2012 are affected by a potential vulnerability that could allow attackers to log keystrokes:
Hidden software that can record every letter typed on a computer keyboard has been discovered pre-installed on hundreds of HP laptop models. Security researcher Michael Myng found the keylogging code in software drivers preinstalled on HP laptops to make the keyboard work.
HP said more than 460 models of laptop were affected by the "potential security vulnerability". It has issued a software patch for its customers to remove the keylogger. The issue affects laptops in the EliteBook, ProBook, Pavilion and Envy ranges, among others. HP has issued a full list of affected devices, dating back to 2012. In a statement, the company said: "HP uses Synaptics' touchpads in some of its mobile PCs and has worked with Synaptics to provide fixes to their error for impacted HP systems, available via the security bulletin on HP.com."
(Score: 2) by DannyB on Tuesday December 12 2017, @04:53PM (1 child)
So it's all okay then. Enabling the keylogger requires changing a registry setting with UAC required.
I wonder how technically feasible it is for anyone who controls Intel Management Engine to change this registry setting?
Of course, with Intel ME, one could probably implement a key logger completely outside of the OS or motherboard firmware.
The lower I set my standards the more accomplishments I have.
(Score: 3, Insightful) by Geezer on Tuesday December 12 2017, @06:08PM
Can you say, "NSA"?
Sure you can!
It's a beautiful day in the neighborhood....