Synaptics said reports that claim hundreds of HP laptops contain a secret keylogger made by the company are inaccurate. In a statement released Wednesday, the company said its software was being mischaracterized as a keylogger. It also said it would remove the debugging component from production versions of its Synaptics Touchpad Driver.
Synaptics statement was in response to research published last week by Michael Myng titled “HP keylogger” and the ensuing media coverage of the report. Myng asserted a Synaptics Touchpad Driver used by HP and OEM computer makers contained debugging code that could be activated and used as a keylogger.
“HP had a keylogger in the keyboard driver,” Myng wrote. “The logging was disabled by default but could be enabled by setting a registry value (UAC required).”
The disclosure of the alleged keylogger coincided with a security bulletin and patch from HP.
“A potential security vulnerability has been identified with certain versions of Synaptics Touchpad drivers that impacts all Synaptics OEM partners. A party would need administrative privileges in order to take advantage of the vulnerability,” HP stated in a security bulletin.
At the time Synaptics declined to comment. But on Wednesday it said “Synaptics is aware of articles that were published where it was purported that there was a ‘keylogger’ in our Touchpad drivers. This is inaccurate. Our debug tool was mischaracterized in the articles as ‘keylogger’.”
“Synaptics provides a custom debug tool in the driver to assist in the diagnostic, debug and tuning of the Touchpad. This debug feature is a standard tool in all Synaptics drivers across PC OEMs and is currently present in production versions. This debug tool was turned off after production and prior to shipment.
After shipment, the supplier or user may wish to further tune and enhance the Touchpad experience