A keylogging tool found on hundreds of HP notebooks is getting a lot of tech sites riled up, but it doesn't appear to be the privacy nightmare that some would have you believe. Yes, there is a tool lurking inside more than 460 models of HP laptops (some of which date back to 2012), but it's easy to eradicate, is deactivated by default and likely hasn't been used against you.
What to Do Now
Before the issue was publicly disclosed, HP owned up to the mistake of leaving this tool inside of its laptops, and on Nov. 7 posted device-specific patches for most of the models affected, which can be downloaded here. In its advisory, HP noted that "a potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impacts all Synaptics OEM partners."
Microsoft bundled those patches into the November Windows update, so if you can't find your model on the linked page, just run Windows Update by clicking the Start button, clicking the settings gear, hitting Windows Update and tapping Check for Update.
The activity-tracking tool, which is actually made by touchpad-maker Synaptics and appears to be developer software, was discovered by a tech sleuth named "ZwClose" who was trying to find out how the backlighting worked in HP laptop keyboards. In a detailed explanation he posted on Dec. 7 to GitHub, this mysterious expert said he noticed that the SynTP.sys keyboard driver contained code that would save and transmit user activity.
Fortunately for owners of the affected laptops -- which include models from nearly every HP line, such as Pavilion, Envy and Spectre -- ZwClose noted that the technology needs to be enabled by editing the Windows Registry, and could be erased by simply updating Windows. To run Windows Update, click the Start button, click the settings gear, hit Windows Update and tap Check for Update.
(We've not heard of the same issue affecting other brands yet, but it's worth noting that HP had a similar problem with a third-party audio driver in May 2017.)
In a statement, HP said that it "uses Synaptics' touchpads in some of its mobile PCs and has worked with Synaptics to provide fixes to their error for impacted HP systems, available via the security bulletin on HP.com."
While nearly every affected model that HP lists has a patch available, eight do not:
- HP ENVY m6-n000 Notebook (models m6-n0XX and m6t-n000)
- HP ENVY m6-n000 Notebook (models m6-n0XX and m6z-n0XX)
- HP ENVY m6-n100 Notebook (models m6-n1XX and m6z-n1XX)
- HP ENVY m6-n200 Notebook (models m6-n2XX and m6z-n2XX)
- HP ENVY TouchSmart 15 Notebook PC (models 15-q1XX and 15t-q100)
- HP ENVY TouchSmart 15 Notebook PC (models 15-q0XX and 15t-q000)
- HP Stream x360 11 Convertible Notebook (models 11-p0XX and 11t-p000)
- HP x360 11 Convertible Notebook (models 11-p1XX and 11t-p100)
If you use any of those HP laptops, keep an eye on their listings here to see if HP provides a fix.
While we advise users to install the update as soon as they can, you're probably safe for the moment. HP states that "A party would need administrative privileges in order to take advantage of the vulnerability. Neither Synaptics nor HP has access to customer data as a result of this issue."
In order to enable the behavior-tracking capabilities, a user would need to access the notebook on an account with administrator rights. And if someone has already made it that far into your notebook, they could install their own surveillance technology. So as we always say, keep administrator access to your machine to a bare minimum.
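To confirm what is actually installed after updating, and who holds the administrator rights discussed above, the following PowerShell check can be run on the laptop. It is an added example, not tooling from HP, Synaptics or ZwClose; the function name Get-SynTPReport is hypothetical and the driver directory is an assumption, since the article gives only the file name SynTP.sys.

```powershell
# Added example, not HP's or Synaptics' tooling. Run in Windows PowerShell 5.1 or later.
# Assumption: SynTP.sys sits in the standard Windows driver directory; the
# article gives only the file name.
function Get-SynTPReport {
    param(
        [string]$DriverPath = (Join-Path $env:SystemRoot 'System32\drivers\SynTP.sys')
    )

    if (-not (Test-Path -LiteralPath $DriverPath)) {
        # No Synaptics touchpad driver file found at this path.
        return [pscustomobject]@{ DriverPresent = $false; DriverPath = $DriverPath }
    }

    $file = Get-Item -LiteralPath $DriverPath

    # Driver packages Windows has bound to devices, filtered to Synaptics.
    $packages = Get-CimInstance -ClassName Win32_PnPSignedDriver |
        Where-Object { $_.DriverProviderName -like '*Synaptics*' } |
        Select-Object DeviceName, DriverVersion, DriverDate, InfName

    # Members of the built-in Administrators group, looked up by its
    # well-known SID so the query also works on non-English Windows.
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Select-Object Name, ObjectClass, PrincipalSource

    [pscustomobject]@{
        DriverPresent  = $true
        DriverPath     = $DriverPath
        FileVersion    = $file.VersionInfo.FileVersion
        FileModified   = $file.LastWriteTime
        DriverPackages = $packages
        Administrators = $admins
    }
}

$report = Get-SynTPReport
$report | Format-List DriverPresent, DriverPath, FileVersion, FileModified
$report.DriverPackages | Format-Table -AutoSize
$report.Administrators | Format-Table -AutoSize
```

Compare the reported driver version with the one listed for your model in HP's security bulletin, and trim the Administrators list to the accounts that genuinely need it.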
Editor's Note: This article was originally published on Laptop Mag.