In the case of HP it has come to no abuse, HP assures. The keylogging code was therefore included in the mentioned SynTP.sys file, which in turn is part of the Synaptics touchpad driver, which comes with numerous HP notebooks. According to Hacker News, the software was found on around 460 models.
Although the keylogger is disabled by default, hackers could turn it on by changing a registry value and using open source tools to bypass user account control. The registry key is located in the following locations:
- HKLM \ Software \ Synaptics \% Product Name%
- HKLM \ Software \ Synaptics \% Product Name% \ Default
The discoverer of the keylogger, according to their own information was already reported to HP last month. The company has then confirmed this. However, the manufacturer has stated that this is just a debug remnant that has been erroneously left behind. Meanwhile, the code has been removed from the driver, HP said that neither you nor Synaptics had access to customer data. A driver update is already available, the list of affected notebook models can be found on an HP website.