Nothing to fear? HP recently came under severe fire after for allegedly bundling a keylogger onto its drivers, which would have allowed cybercriminals the ability to track every keystroke of a user.
This thing blew up fast.
However, Synaptics, the company that provides the touchpads for HP and many other OEMs said that the keylogger in question is not actually a keylogger, as it was actually designed to serve as a debug tool to identify issues and problems with the hardware.
As noted in a security brief that was recently published:
“Each notebook OEM implements custom TouchPad features to deliver differentiation. We have been working with these OEMs to improve the quality of these drivers. To support these requirements and to improve the quality of the experience, Synaptics provides a custom debug tool in the driver to assist in the diagnostic, debug and tuning of the TouchPad. This debug feature is a standard tool in all Synaptics drivers across PC OEMs and is currently present in production versions.”
So basically, the company says, HP isn’t the only one that offered drivers with this debug tool included by default — all OEMs that feature its hardware do the same.
Anyway, the important thing is that the debug tool was turned off after production and before shipment, though obviously it has been demonstrated that it can be easily reactivated and use for malicious purposes by cybercriminals.
That said, the firm believes that the debug tool has a security risk of 2 out of 10, and is currently working with PC partners to ship updated drivers, sans this keylogging functionality.