Synaptics said reports that claim hundreds of HP laptops contain a secret keylogger made by the company are inaccurate. In a statement released Wednesday, the company said its software was being mischaracterized as a keylogger. It also said it would remove the debugging component from production versions of its Synaptics Touchpad Driver.
Synaptics statement was in response to research published last week by Michael Myng titled “HP keylogger” and the ensuing media coverage of the report. Myng asserted a Synaptics Touchpad Driver used by HP and OEM computer makers contained debugging code that could be activated and used as a keylogger.
“HP had a keylogger in the keyboard driver,” Myng wrote. “The logging was disabled by default but could be enabled by setting a registry value (UAC required).”
The disclosure of the alleged keylogger coincided with a security bulletin and patch from HP.
“A potential security vulnerability has been identified with certain versions of Synaptics Touchpad drivers that impacts all Synaptics OEM partners. A party would need administrative privileges in order to take advantage of the vulnerability,” HP stated in a security bulletin.
At the time Synaptics declined to comment. But on Wednesday it said “Synaptics is aware of articles that were published where it was purported that there was a ‘keylogger’ in our Touchpad drivers. This is inaccurate. Our debug tool was mischaracterized in the articles as ‘keylogger’.”
“Synaptics provides a custom debug tool in the driver to assist in the diagnostic, debug and tuning of the Touchpad. This debug feature is a standard tool in all Synaptics drivers across PC OEMs and is currently present in production versions. This debug tool was turned off after production and prior to shipment.
After shipment, the supplier or user may wish to further tune and enhance the Touchpad experience by enabling the debug tool. The debug tool cannot be turned on or used except by a person with Admin access and special developer tools. When turned on, the debug tool collects data in a proprietary binary format for a rolling memory buffer that gets either overwritten or deleted every time a power event happens.”
Synaptics also offered an apology to anyone who expressed concern the debugging tool was malicious in nature. “In our new normal of heightened concern for security and privacy, Synaptics would like to apologize for any concerns that our debug tool may have raised,” it stated.
As a result of the brouhaha, Synaptics said it will remove the debug tool in question for production versions of the Synaptics Touchpad driver.
In all, HP said more than 460 model laptops were impacted, including laptops that are part of its EliteBook, HP Pavilion and ZBook lines.
Myng said that the debugging code that could be turned into a keylogger is present in the Synaptics Touchpad SynTP.sys file.
“The keylogger saved scan codes to a WPP trace. The logging was disabled by default but could be enabled by setting a registry value (UAC required),” Myng wrote.
WPP trace is a technique used by developers to debug code. By changing the value in the Windows registry, Myng was able to enable a keylogging feature that allowed user keystrokes to be stored locally.