Leftover Debugger Causes Keylogger Vulnerability in Over 460 HP Laptop Models

This week, the Alert Logic team highlights the Keylogger Vulnerability in Over 460 HP Laptop Models and the Qualys Security Advisory on the GNU C Library Memory Leak and Buffer Overflow.

Data Breach

Leftover Debugger Causes Keylogger Vulnerability in Over 460 HP Laptop Models

HP Inc. recently confirmed a keylogger vulnerability in laptops using the Synaptics touchpad driver. The cause is leftover debugging code that was not removed before shipping; when activated, the keylogger saves keyboard scan codes to a WPP trace. The vulnerability was discovered by researcher Michael Myng while figuring out how to control the keyboard backlight on an HP laptop. Although the code is disabled by default, it can easily be enabled by setting a single registry value, which requires administrator privileges.

HP stated that this vulnerability affects more than 460 laptop models, and it has since released an update via HP and Windows Update that removes the offending code. The affected HP products are listed in the security advisory. A similar vulnerability was discovered back in May involving the audio drivers in some HP-manufactured laptops, which stored user keystrokes in a world-readable plaintext file.

References: HP keylogger | Leftover Debugger Doubles as a Keylogger on Hundreds of HP Laptop Models | HP laptops found carrying keylogger in Synaptics touchpad driver

Mitigation Strategies:

Malware

Qualys Security Advisory on the GNU C Library Memory Leak and Buffer Overflow

On December 11, the Qualys Vulnerability and Malware Research Labs issued an advisory on a memory leak (CVE-2017-1000408) and a buffer overflow (CVE-2017-1000409) in the GNU C Library dynamic loader (ld.so). The report gives a brief analysis of the vulnerable function and presents a simple method for exploiting a SUID binary from the command line to obtain full root privileges. The impact of these vulnerabilities is considered low.

References: Qualys Security Advisory - GNU C Library Memory Leak / Buffer Overflow | GNU C Library ld.so Memory Leak / Buffer Overflow

Mitigation Strategies:

Security Insights

More Security Insights and Industry News

Check out our new blog posts, plus you can follow the blog on our social media outlets.

This Week's Suspicious IP Addresses

181.214.87.7 173.249.17.50
140.205.225.186 140.205.201.39
185.107.94.10 185.130.212.167

*IP addresses provided by Recorded Future.