Hundreds of HP laptop models dating back to 2012 are affected by a potential vulnerability that could allow attackers to log keystrokes:
Hidden software that can record every letter typed on a computer keyboard has been discovered pre-installed on hundreds of HP laptop models. Security researcher Michael Myng found the keylogging code in software drivers preinstalled on HP laptops to make the keyboard work.
HP said more than 460 models of laptop were affected by the "potential security vulnerability". It has issued a software patch for its customers to remove the keylogger. The issue affects laptops in the EliteBook, ProBook, Pavilion and Envy ranges, among others. HP has issued a full list of affected devices, dating back to 2012. In a statement, the company said: "HP uses Synaptics' touchpads in some of its mobile PCs and has worked with Synaptics to provide fixes to their error for impacted HP systems, available via the security bulletin on HP.com."
(Score: 0) by Anonymous Coward on Tuesday December 12 2017, @11:39AM (2 children)
for technical or editorial errors or omissions contained herein.The information provided is provided "as is" without warranty of any kind.To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restorationThe [sic] information in this document is subject to change without notice.HP Inc. and the names of HP products referenced herein are trademarks of HP Inc. in the United States and other countries.Other product and company names mentioned herein may be trademarks of their respective owners.
(Score: 5, Insightful) by BsAtHome on Tuesday December 12 2017, @11:58AM (1 child)
Translation for mere mortals:
Fuck You; we do the fuck we want and the only thing you, the customer, are supposed to do is pay us. Now shut up and pay us some more.
(Score: 0) by Anonymous Coward on Tuesday December 12 2017, @12:51PM
I find your views interesting and would like to subscribe to your newsletter.
(Score: 5, Informative) by meustrus on Tuesday December 12 2017, @04:37PM (3 children)
From the linked post by Michael Myng: [github.io]
If there isn't at least one reference or primary source, it's not +1 Informative. Maybe the underused +1 Interesting?
(Score: 2) by DannyB on Tuesday December 12 2017, @04:53PM (1 child)
So it's all okay then. Enabling the keylogger requires changing a registry setting with UAC required.
I wonder how technically feasible it is for anyone who controls Intel Management Engine to change this registry setting?
Of course, with Intel ME, one could probably implement a key logger completely outside of the OS or motherboard firmware.
People today are educated enough to repeat what they are taught but not to question what they are taught.
(Score: 3, Insightful) by Geezer on Tuesday December 12 2017, @06:08PM
Can you say, "NSA"?
Sure you can!
It's a beautiful day in the neighborhood....
(Score: 2) by frojack on Wednesday December 13 2017, @05:48AM
TFS seems to suggest HP was throwing Synaptic under the bus.
What's up with that?
No, you are mistaken. I've always had this sig.
(Score: 2, Funny) by Anonymous Coward on Tuesday December 12 2017, @05:14PM
... HP bundled some useful software with their laptops.
(Score: 2) by boltronics on Wednesday December 13 2017, @02:28AM
Not worried. I nuked all that pre-installed garbage with a nice clean Debian GNU/Linux installation.
It's GNU/Linux dammit!
(Score: 0) by Anonymous Coward on Wednesday December 13 2017, @03:50PM
https://soylentnews.org/article.pl?sid=17/11/28/190201 [soylentnews.org]
(Score: 0) by Anonymous Coward on Wednesday December 13 2017, @11:02PM
"potential security vulnerability"
can't take you seriously if you don't know what "vulnerability" maybe just a liar?