Some HP laptops users came with a preinstalled program to capture the keystrokes of users, a security researcher recently discovered.
The researcher, Michael Myng aka “ZwClose,” discovered the keylogger software while trying to solve a keyboard problem for a friend. The software is turned off by default.
After Myng contacted HP about the program, it quickly released a patch to get rid of it.
“A keylogger is a very dangerous piece of software,” said Lamar Bailey, director of security research and development at Tripwire.
“It is like having someone looking over your shoulder while you are typing,” he told TechNewsWorld. “Keyloggers can capture passwords that can be used to access financial accounts, record personal communications or even proprietary code under development.”
No Malicious Intent
Keyloggers are an important weapon in the arsenal of cyberattackers, noted Chris Morales, head of security analytics at Vectra Networks.
“They’re often used in the recon phase of targeted attacks to gather user credentials and other sensitive information which can later be used to compromise user accounts,” he told TechNewsWorld.
“Keyboard loggers can be very hard to spot with consumer AV,” Morales added.
Once a machine is compromised, instead of using a malicious payload that possibly could be identified by security products, a smart attacker might turn on and use the built-in keyboard logger feature, explalined David Picket, a security analyst with AppRiver.
“This would help them evade traditional detection methods that security products might have otherwise detected,” he told TechNewsWorld.
As dangerous as keyloggers can be, the software in the more than 460 HP laptop models doesn’t appear to have any malicious intent behind it.
“The keylogger appears to be a part of the driver of the Synaptics Touchpad,” said Frederik Mennes, the senior manager for market and security strategy at Vasco Data Security.
“It was used for debugging purposes by the company providing the touchpad,” he told TechNewsWorld.
The keylogger tool should have been removed from the software before it was finalized, said Vectra’s Morales.
“While in this instance it’s unlikely to be a consciously malicious act,” he continued, “it is another example of poor QA controls of digital supply chain risk.”
It’s likely that the quality control checks for the third-party drivers weren’t extensive enough to uncover the disabled keylogger remaining from the software development stage, AppRiver’s Picket said.
“The keylogging data would be extremely useful while the software was undergoing development for troubleshooting and debugging purposes, but a security concern, once distributed,” he explained.
Low Risk for Consumers
While the code on the laptop isn’t malicious, it could be exploited by bad actors, noted Joseph Carson, head of global strategic alliances at Thycotic.
“It would be a major catastrophe if the code was injected by hackers without HP’s knowledge,” he told TechNewsWorld.
It would be even worse if code given to HP by suppliers weren’t being checked carefully before being sent to the systems producing the company’s products.
“If that were the case, then I would be very concerned about other code that goes through the same software development lifecycle,” Carson said.
Keyloggers can be a serious threat to consumers, but in the case of the HP keyloggerm the threat isn’t significant, suggested Vasco’s Mennes.
“The keylogger is disabled by default, and requires administrative access to the device to be enabled, so the risk for consumers and business users is rather low,” he pointed out.
“I do not believe consumers should be concerned that a cybercriminal could exploit the code with administrative permissions,” remarked Thycotic’s Carson. “If so, then the consumer already has much bigger issues and likely their systems are fully compromised.
Still, it’s advisable for consumers to ensure their systems are updated, he said, to reduce opportunities for exploitation.