The first time was earlier this year, when Swiss security firm modzero AG discovered a keylogger in Conexant HP audio drivers that stored records of keystrokes in a file in the public folder, unencrypted.
This time, the keylogger was spotted by security researcher Michael Myng (aka “ZwClose”) while rifling through the Synaptics Touchpad SynTP.sys keyboard driver.
“The keylogger saved scan codes to a WPP trace. The logging was disabled by default but could be enabled by setting a registry value (UAC required),” he noted.
Setting the required registry value can be easily performed by malware (e.g. remote access Trojans), which can then use the keylogger to harvest sensitive information entered by the user.
Myng reported his finding to HP. “They replied terrifically fast, confirmed the presence of the keylogger (which actually was a debug trace) and released an update that removes the trace,” he shared.