On 18/12/2017 20:50, Colony.three via openssl-users wrote:
On Mon, Dec 18, 2017 at 9:59 AM, Colony.three via openssl-users
<openssl-users@xxxxxxxxxxx> wrote:

Hear about the HP keylogging case recently? Do you think a keylogger is
actually used in testing of a keyboard driver, in practice?

Yes.

More specifically, it's used to ensure that the scancodes that should
be detected when a particular key is hit or released are actually
detected when that key is hit or released. It's also useful for
identifying how a particular keyboard has failed, to see which
scancodes aren't being transmitted properly.

That said, it's not something that should be left in a production
driver. It's more suited for a development/diagnostics station than a
general-purpose system.

Actually no. Microseconds count, when testing a keyboard driver.
It's easy to imagine that a keylogger could be used, that's why the
cover story worked on so many. But in actual practice it's not useful.

(Eeesh. And my friends call /me/ "paranoid".)

It's easy to characterize this as paranoia. Unless you are paying
attention to -facts- as the feedstock.

For your information, I actually tracked down the original report
about this (and posted some corrections in a comment to the
researcher):
1. This was not HP's keyboard driver. This was Synaptics' touch
pad driver (SynTP.sys).
2. The code in question was apparently the common classic issue
that the driver checks if a hotkey related to the touchpad is
pressed, and has a test feature to help each laptop manufacturer
check if they configured the correct (laptop-specific) scan code
for that hotkey by using a special test driver that logs the keys
that match/don't match the configured one. On a number of
occasions HP (and maybe others) have sent such test drivers to end
users instead of the drivers without the debug feature.
3. In this case, no keys were logged unless someone (or something)
with admin rights on the laptop did extra steps to turn on the
feature and to read back the results. Any malicious code with
those rights could just install its own logging without depending
on that particular wrong driver being installed.
So to me, that particular issue falls into the less serious tier of:
Possible misuse if other things go wrong first, upgrade when ready as
a defense in depth.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded