Synaptics issued a security brief yesterday regarding the reports of an HP Synaptics Keyboard Driver that contained keylogging functionality. In its security brief, Synaptics states that its driver is being mischaracterized as a keylogger and that the functionality is simply a debug tool that was purposely added to the driver to help OEMs debug their hardware.
According to Synaptics, this “feature” is present in all of its drivers being used by PC OEMs in production versions. So this does not appear to be localized to HP products, but to extend to any notebook that utilizes Synaptics products.
Each notebook OEM implements custom TouchPad features to deliver differentiation. We have been working with these OEMs to improve the quality of these drivers. To support these requirements and to improve the quality of the experience, Synaptics provides a custom debug tool in the driver to assist in the diagnostic, debug and tuning of the TouchPad. This debug feature is a standard tool in all Synaptics drivers across PC OEMs and is currently present in production versions. This debug tool was turned off after production and prior to shipment. Synaptics believes now, for best industry practices, that it should remove this debug tool for production versions of the driver. Synaptics is unaware of any breach of security related to this debug tool.
While the debug tool was put in place to help notebook manufacturers, it is important to remember that if something exists that can be used, people will try to abuse it. As new security vulnerabilities and exploits are released daily, debug features that can be exploited should not be…