• Remember the HP Synaptics keylogger that was pulled last week? HP says it wasn’t a keylogger

    Home » Forums » Newsletter and Homepage topics » Remember the HP Synaptics keylogger that was pulled last week? HP says it wasn’t a keylogger

    Tags:

    Author
    Topic
    woody
    Manager
    December 15, 2017 at 8:30 am #152171

    You can make up your own mind, of course, but last week I posted a reference to Catalin Cimpanu’s report of a massive replacement of HP Synaptics driv
    [See the full post at: Remember the HP Synaptics keylogger that was pulled last week? HP says it wasn’t a keylogger]

    1 user thanked author for this post.
    JDeC
    Reply | Quote
    Viewing 2 reply threads
    Author
    Replies
    • b
      AskWoody_MVP
      December 15, 2017 at 10:37 am #152221

      But if someone had to bypass a UAC prompt to edit the registry to enable this disabled keylogger, wouldn’t they have been equally able to install a hidden keylogger of their own choice which could have remained unfound for longer? Not good to have sitting there, but not active until hacked.

      Reply | Quote
    • EyesOnWindows
      AskWoody Lounger
      December 15, 2017 at 12:36 pm #152264

      To really get your dander up, read the article “An alarming number of sites employ privacy invading session replay scripts by Dan Goodin“. It starts off with “No, you’re not being paranoid. Sites really are watching your every move. Sites log your keystrokes and mouse movements in real time, before you click submit.”

      The study‘s “Site list” referred to in that article was updated 30 November 2017 to list 2455 sites.

      HP Compaq 6000 Pro SFF PC / Windows 10 Pro / 22H2
      Intel®Core™2 “Wolfdale” E8400 3.0 GHz / 8.00 GB
      HP ProDesk 400 G5 SFF PC / Windows 11 Pro / 23H2
      Intel®Core™ “Coffee Lake” i3-8100 3.6 GHz / 16.00 GB
      1 user thanked author for this post.
      Bill C.
      Reply | Quote
    • OscarCP
      Member
      December 15, 2017 at 3:56 pm #152340

      If I remember this correctly, Mr. Cimpanu in his original posting in “bleeping computer” gave the world the advice to turn off the Registry entry corresponding to the alleged HP keylogger and showed everyone who cared to read his posting the particular Registry key that needed to be deactivated.

      Perhaps I am wrong, but isn’t doing that the same as what is meant, in the smarmy business-speak of the HP “reassuring” message, that the offending feature has been “defeatured”?

      And, again, unless I am not too off-target here, would not have been reading Mr. Cimpanu’s posting an absolute delight to black hats everywhere, because of that scrumptious bit of information he revealed in his first posting?

      Because, if I am right about that, why should anyone take this getleman’s word seriously  on anything he posts?

       

       

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      Reply | Quote
      • b
        AskWoody_MVP
        December 16, 2017 at 12:30 pm #152650
        OscarCP wrote:

        If I remember this correctly, Mr. Cimpanu in his original posting in “bleeping computer” gave the world the advice to turn off the Registry entry corresponding to the alleged HP keylogger and showed everyone who cared to read his posting the particular Registry key that needed to be deactivated.

        The registry entry was already turned off. Administrative permissions were required to turn it on.

        OscarCP wrote:

        Perhaps I am wrong, but isn’t doing that the same as what is meant, in the smarmy business-speak of the HP “reassuring” message, that the offending feature has been “defeatured”?

        No, “defeatured” referred to removed code in new drivers which have been available for more than a month.

        OscarCP wrote:

        And, again, unless I am not too off-target here, would not have been reading Mr. Cimpanu’s posting an absolute delight to black hats everywhere, because of that scrumptious bit of information he revealed in his first posting?

        You could say the same about any article concerning a flaw or any security bulletin announcing a vulnerability. That’s why responsible disclosure requires that a patch has already been made available (or at least that the vendor has had sufficient time to do so).

        OscarCP wrote:

        Because, if I am right about that, why should anyone take this getleman’s word seriously on anything he posts?

        Don’t shoot the messenger. It wasn’t an exclusive as it was based on an HP Security Bulletin.

        This wasn’t a keylogger but a touchpad tuning utility:
        “The purpose of this tool is to assist in the diagnostic, debug and tuning of the TouchPad. The debug tool does not create a keylogger or text file. The data [format] is in a proprietary binary format.”
        https://www.synaptics.com/sites/default/files/synaptics-touchpad-software-driver-qa.pdf

        The guy who discovered it didn’t even have an HP laptop on which to test his theories: https://zwclose.github.io/HP-keylogger/

        Reply | Quote
        • OscarCP
          Member
          December 16, 2017 at 2:07 pm #152667

           

          B: Thanks for your comments.

          “Shooting the messenger” Well, not quite, actually more like “playing Devil’s advocate. I felt this topic deserved a more critical discussion than it was having.

          I find your posting informative, but still have misgivings about Cimpanu’s posting in “bleeping computer”.

          For example: if the key he showed in there was already deactivated, it certainly would take Administrator privileges to activate it. But a black hat that can get into one’s machine and subvert its OS to get that far, should be also able to assume Administrator privileges.

          Besides, although the key in question might have been already disclosed in an announcement by HP, it does not make me feel more secure, or particularly grateful, to see the most critical details been broadcast far and wide by the likes of Mr. Cimpanu.

          So: “shoot the messenger”? I wouldn’t, in general, not being of a violent disposition.

          But if he is a dangerously indiscreet messenger…

           

          Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

          MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
          Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
          macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

          Reply | Quote
    Viewing 2 reply threads
    Reply To: Remember the HP Synaptics keylogger that was pulled last week? HP says it wasn’t a keylogger

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information:




DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    May 2025
    S M T W T F S
     123
    45678910
    11121314151617
    18192021222324
    25262728293031

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.