5 replies (most recent on top)
Vendor first to patch, expect other OEMs to follow
HP's advisory stated that the vulnerability "impacts all Synaptics OEM partners", so we can expect a rash of driver updates to be released in the future. HP added: "Neither Synaptics nor HP has access to customer data as a result of this issue."
Original researcher said
At this point I had to run some ETW capture software like MessageAnalyzer to read the trace but I couldn’t do that since I didn’t have HP laptop. The research were done by reading the code of SynTP.sys, I couldn’t verify if it’s correct or not. I tried to find HP laptop for rent and asked a few communities about that but got almost no replies. One guy even thought that I am a thief trying to rob someone. So, I messaged HP about the finding. They replied terrificly fast, confirmed the presence of the keylogger (which actually was a debug trace) and released an update that removes the trace.
spawned from the same devil
I don't own an HP laptop...so no worries.
BTW - this is an HPI issue, not HPE.
Wrong thread for this - HP Inc split from HPE over two years ago, get with the program.