Synaptics Denies HP Driver Contains a Keylogger and Says It's a Debug Tool

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Synaptics issued a security brief yesterday regarding the reports of a HP Synaptics Keyboard Driver that contained keylogging functionality. In their security brief, Synaptics states that their driver is being mischaracterized as a keylogger and it's simply a debug tool that was purposely added to the driver to help OEMs manufacturers debug their hardware.


According to Synaptics, this "feature" is present in all of their drivers being used by PC OEMs in production versions. So this appears to not only be localized to HP products, but any notebook that utilize Synaptics products.

While the debug tool was put in place to help notebook manufacturers, it is important to remember that if something exists that can be used, people will try to abuse it. As new security vulnerabilities and exploits are released daily, debug features that can be exploited should not be left in software released for production.

If manufacturers need debugging tool to perform diagnostics on their hardware, then debug drivers should be shipped to them that are used for testing. These debugging functions should then be removed for production ready drivers. Yes, this may make things more difficult, but it is also a much more secure method.
 
D

Deleted member 65228

Reading their justification made me drop 10 points in IQ. There was never an IQ for me to lose in the first place so I was at zero but now I'm at -10. Didn't think it was possible to become even stupider but I underestimated Synaptic

If I dropped 10 points by reading that imagine how the employees feel who have to suffer from doing stupid things they are told to do on a daily basis. Like keeping debugging functionality available for end-user consumer builds
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,458
Quote : " This debug feature is a standard tool in all Synaptics drivers across PC OEMs and is currently present in production versions. "

Source : Blog | TouchPad Security Brief | Synaptics

BsowujNO_o.gif
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top