Oops… Some HP Laptops Shipped With Hidden Keylogger

Some HP laptops customers got here with a preinstalled program to seize the keystrokes of customers, a safety researcher not too long ago found.

The researcher, Michael Myng aka “ZwClose,” found the keylogger software program whereas making an attempt to resolve a keyboard downside for a good friend. The software program is turned off by default.

After Myng contacted HP about this system, it rapidly launched a patch to do away with it.

“A keylogger is a really harmful piece of software program,” mentioned Lamar Bailey, director of safety analysis and growth at Tripwire.

“It’s like having somebody wanting over your shoulder while you’re typing,” he informed TechNewsWorld. “Keyloggers can seize passwords that can be utilized to entry monetary accounts, file private communications and even proprietary code below growth.”

No Malicious Intent

Keyloggers are an vital weapon within the arsenal of cyberattackers, famous Chris Morales, head of safety analytics at Vectra Networks.

“They’re usually used within the recon part of focused assaults to assemble consumer credentials and different delicate data which might later be used to compromise consumer accounts,” he informed TechNewsWorld.

“Keyboard loggers will be very onerous to identify with shopper AV,” Morales added.

As soon as a machine is compromised, as a substitute of utilizing a malicious payload that presumably may very well be recognized by safety merchandise, a wise attacker may activate and use the built-in keyboard logger function, explalined David Picket, a safety analyst with AppRiver.

“This could assist them evade conventional detection strategies that safety merchandise might need in any other case detected,” he informed TechNewsWorld.

Manufacturing Error

As harmful as keyloggers will be, the software program within the greater than 460 HP laptop computer fashions doesn’t seem to have any malicious intent behind it.

“The keylogger seems to be part of the motive force of the Synaptics Touchpad,” mentioned Frederik Mennes, the senior supervisor for market and safety technique at Vasco Knowledge Safety.

“It was used for debugging functions by the corporate offering the touchpad,” he informed TechNewsWorld.

The keylogger device ought to have been faraway from the software program earlier than it was finalized, mentioned Vectra’s Morales.

“Whereas on this occasion it’s unlikely to be a consciously malicious act,” he continued, “it’s one other instance of poor QA controls of digital provide chain danger.”

It’s possible that the standard management checks for the third-party drivers weren’t in depth sufficient to uncover the disabled keylogger remaining from the software program growth stage, AppRiver’s Picket mentioned.

“The keylogging information can be extraordinarily helpful whereas the software program was present process growth for troubleshooting and debugging functions, however a safety concern, as soon as distributed,” he defined.

Low Danger for Shoppers

Whereas the code on the laptop computer isn’t malicious, it may very well be exploited by unhealthy actors, famous Joseph Carson, head of world strategic alliances at Thycotic.

“It might be a significant disaster if the code was injected by hackers with out HP’s data,” he informed TechNewsWorld.

It might be even worse if code given to HP by suppliers weren’t being checked fastidiously earlier than being despatched to the techniques producing the corporate’s merchandise.

“If that had been the case, then I’d be very involved about different code that goes via the identical software program growth lifecycle,” Carson mentioned.

Keyloggers generally is a critical risk to customers, however within the case of the HP keyloggerm the risk isn’t vital, prompt Vasco’s Mennes.

“The keylogger is disabled by default, and requires administrative entry to the machine to be enabled, so the danger for customers and enterprise customers is somewhat low,” he identified.

“I don’t imagine customers must be involved {that a} cybercriminal may exploit the code with administrative permissions,” remarked Thycotic’s Carson. “In that case, then the patron already has a lot larger points and sure their techniques are totally compromised.

Nonetheless, it’s advisable for customers to make sure their techniques are up to date, he mentioned, to cut back alternatives for exploitation.