HP has done it again. They have screwed over their customers by leaving something nasty installed in over 460 of their laptop models. This nasty thing is a keylogger program that can be used by hackers to log your every keystroke allowing them to capture your most sensitive passwords!
This isn't the first time they've done this either! Back in May, security researchers discovered a keylogger hidden in HP's audio drivers. ZeroHedge recently reported about spyware being pre-installed on HP computers as well! How low will these guys stoop to snoop on their customers?
Well, this time the keylogger was found in the touchpad driver.
Via The Hacker News:
A security researcher who goes by the name of ZwClose discovered a keylogger in several Hewlett-Packard (HP) laptops that could allow hackers to record your every keystroke and steal sensitive data, including passwords, account information, and credit card details.
The Keylogger was found embedded in the SynTP.sys file, a part of Synaptics touchpad driver that ships with HP notebook computers, leaving more than 460 HP Notebook models vulnerable to hackers.
Although the keylogger component is disabled by default, hackers can make use of available open source tools for bypassing User Account Control (UAC) to enable built-in keylogger "by setting a registry value."
Here’s the location of the registry key:
The researcher reported the keylogger component to HP last month, and the company acknowledges the presence of keylogger, saying it was actually "a debug trace" which was left accidentally, but has now been removed.
Normally to combat bullshit bloatware that hardware manufacturers install by default, I recommend wiping out the OEM operating system and do a fresh install. The problem this time is that the keylogger is contained in the drivers! That means when you go to HP's website to get the correct drivers, the keylogger will still get installed! It's pretty messed up!
I guess you really have two options here:
- Stop buying HP products
- Stop using Windows and switch to Ubuntu or some other flavor of Linux