Hacker News new | ask | show | jobs
by seanwilson 3115 days ago
"He said the keylogger was disabled by default, but an attacker with access to the computer could have enabled it to record what a user was typing.

According to HP, it was originally built into the Synaptics software to help debug errors."

How bad is this really then? If an attacker could enable it, they could install another key logger anyway if this feature didn't exist? Can HP enable it remotely (I'm guessing not)?
1 comments
Someone1234 3115 days ago
Exactly. You need administrator to enable this, and you need administrator to install a different keylogger. So then the question becomes: Why use this? Well, an attacker wouldn't but the press doesn't know anything about tech' so, this fact escapes them. This is like science reporting all over again...

If you have HP's update agent installed, HP are able to install drivers, so all bets are off as far as what HP could do to your machine. They could enable this via the update agent, but even assuming worst motivations there are a tens of better commercial keyloggers HP would use before this.

This debug functionality likely shouldn't be shipping in retail versions of the driver (defence in depth, etc) and should be removed. But there's a ton of misinformation surrounding this bug which is frustrating, the actual security community are already bored of this one.

link
gruez 3115 days ago
>you need administrator to install a different keylogger

nope. you need administrator if you want to install for all users, but there's nothing preventing a user from keylogging himself.

link
Someone1234 3115 days ago
You need write access to:

HKLM\Software\Synaptics\%ProductName%\Default

Which requires administrator or equivalent, so that is preventing a user from even keylogging themselves.

link
gruez 3115 days ago
i meant you can install any other keylogger without admin.
link
raisedbyninjas 3115 days ago
HPSynapticsdriver.dll is probably on antivirus whitelists and signed with a reputable certificate whereas a random keylogger would not.
link
gruez 3115 days ago
it's trivial to bypass antivirus by obfuscating the executable with a commercially available packer/obfuscator. not to mention that if you have administrator access (needed to enable the keylogger), you could also disable/uninstall the antivirus, or load a driver (whose access can't be restricted by the antivirus).
link