Synaptics Denies HP Driver Contains a Keylogger and Says It's a Debug Tool


LASER_oneXM

#1
Synaptics issued a security brief yesterday regarding the reports of an HP Synaptics Keyboard Driver that contained keylogging functionality. In their security brief, Synaptics states that their driver is being mischaracterized as a keylogger and it's simply a debug tool that was purposely added to the driver to help OEM manufacturers debug their hardware.


According to Synaptics, this "feature" is present in all of their drivers being used by PC OEMs in production versions. So this appears to not only be localized to HP products, but any notebook that utilizes Synaptics products.
While the debug tool was put in place to help notebook manufacturers, it is important to remember that if something exists that can be used, people will try to abuse it. As new security vulnerabilities and exploits are released daily, debug features that can be exploited should not be left in software released for production.

If manufacturers need a debugging tool to perform diagnostics on their hardware, then debug drivers should be shipped to them that are used for testing. These debugging functions should then be removed for production-ready drivers. Yes, this may make things more difficult, but it is also a much more secure method.
 

Opcode

#2
Reading their justification made me drop 10 points in IQ. There was never an IQ for me to lose in the first place so I was at zero but now I'm at -10. Didn't think it was possible to become even stupider but I underestimated Synaptics.

If I dropped 10 points by reading that, imagine how the employees feel who have to suffer from doing stupid things they are told to do on a daily basis. Like keeping debugging functionality available for end-user consumer builds.