As recently, security experts have discovered that the driver related to the keyboard of these devices is accompanied by a keylogger, responsible for collecting information introduced by this way. But before continuing, it is necessary to add a refinement. The code is in the SynTP.sys file. By default, it is not activated. It is true that it would suffice to modify a registry key of the Windows operating system to activate this function. It simply indicates for this scenario to occur, it is necessary to access the equipment remotely and activate this function, something that is not simple but is not impossible either. The registration key we are talking about is:- “HKLM\Software\Synaptics%ProductName%” “HKLM\Software\Synaptics%ProductName%\Default” If the registry key is modified, the only obstacle that should be avoided is the UAC that will jump when changes are applied in the registry, something that is not excessively complicated. What has not transcended is the place used by this code to store the information collected, but a local folder would be used. Taking into account that it is a driver “accepted” by security tools, this activity would go completely unnoticed among antivirus software.
For affected HP laptops, there is already a solution
The manufacturer has published an official list of devices that are affected by what could be considered a security breach. The list includes hundreds of models that are affected by the presence of this keylogger in the keyboard driver. Luckily for users, since HP has already published a review of this software component to remove the code. Remember that even if it is disabled, it takes very little effort to activate it and start collecting information. In total, we are talking about more than 460 models. However, we have listed some well-known series and here they are:-
OMEN ENVY Pavilion Stream ZBook EliteBook ProBook
There are also some in the Compaq series listed. The list of affected equipment and its corresponding solution can be consulted from the following link. Security experts want to iron out the issue. They define the event as an “oversight” on the part of the driver development team that forgot to remove certain code that would be used to debug. This does not mean that we are facing a dangerous situation if someone manages to satisfactorily activate it. Some experts have contacted the manufacturer, who has confirmed that it is a forgotten code to track the operation of the driver during the testing period. So, what do you think about this? Simply share all your views and thoughts in the comment section below.
