460 HP laptop models featured keylogging software that recorded every keystroke

460 HP laptop models featured keylogging software that recorded every keystroke

460 HP laptop models featured hidden keylogging software

An observant security researcher recently detected the presence of keylogging software in HP laptop models that could record letters typed on their keyboards at all times.

The keylogging software in HP laptops were disabled by default but could be activated by any malicious actor with access to a laptop.

While checking if he could adjust an HP computer’s keyboard backlight, security researcher Michael Myng recently stumbled upon a code that matched the format for keylogging software that could record every letter typed on a keyboard.

Upon further examination, Myng concluded that the keylogging software was disabled by default in HP laptops but could be activated by anyone with access to a computer.

Myng reported his findings to HP following which the firm responded quickly and issued a software update to plug the ‘potential security vulnerability’.

‘A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impacts all Synaptics OEM partners. A party would need administrative privileges in order to take advantage of the vulnerability,’ said HP in a statement on its website.

‘Neither Synaptics nor HP has access to customer data as a result of this issue,’ it added.

Subsequent revelation by HP revealed the true nature of the vulnerability. As per a list of affected devices released by the company, the keylogging software was pre-installed in as many as 460 laptop models belonging to the EliteBook, ProBook, Pavilion, and Envy ranges.

This is yet another glaring example of how pre-installed software in devices can be misused by malicious actors to snoop on users’ online activities and to evade usual privacy settings in devices. Last month, researchers at Princeton University revealed that as many as 482 popular websites were using session-replay scripts that allowed third party vendors to record mouse movements and what users typed on their keyboards.

‘These scripts record your keystrokes, mouse movements, and scrolling behavior, along with the entire contents of the pages you visit, and send them to third-party servers. Unlike typical analytics services that provide aggregate statistics, these scripts are intended for the recording and playback of individual browsing sessions, as if someone is looking over your shoulder,’ the researchers said.

As such, these recordings contain everything you typed on the website, including passwords, credit card numbers and everything else. According to the researchers, such session-replay scripts are used to gather insights into how users interact with websites and are far more detailed compared to analytics services that provide aggregate statistics.

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”https://www.teiss.co.uk” /]