HP Updates Audio Driver to Fix Keylogger Problem

信息安全的进步不仅依赖网络安全技术的发展,同时也依赖于成熟的信息安全管理和其它方面的因素。组织并不能通过购买信息安全产品和安全方案解决信息安全的所有问题。
澳大利亚《星岛日报》:总理夜访后,成都宽窄巷子的思路更宽了
HP has updated its audio drivers to fix the keylogger situation that was discovered last week. Security researchers had discovered that 28 HP laptops and tablet PCs had an audio driver with a functionality that was working better than originally intended, collecting all keystrokes instead of just detecting when the user was trying to mute and unmute the audio, for instance. 
“Our supplier partner developed software to test audio functionality prior to product launch and it should not have been included in the final shipped version,” HP said in a statement.
The keylogging function has been around since a version that was released in December 2015, although the presence of the log file only came with the October 2016 update.
Version 10.0.931.90 has now been released, which fixes the problem. In order to get the update, visit hp.com and search for the latest audio driver for your device model.
Modzero, a Swiss security firm, warned last week that an app that came installed with many HP devices featuring a Conexant audio driver was logging keystrokes in a file that could easily be grabbed if the device became infected. The keystrokes were then transmitted to a debugging API, which allowed the local user or process to easily access everything in there.
Identified as CVE-2017-8360, the vulnerability affects 28 HP laptops and tablet PCs, including EliteBook, ProBook and others. The audio chip maker has yet to discuss whether other laptops made by other vendors featuring their chip could also be affected.
The keylogger capabilities were supposed to be a lot more restrained. In fact, the functionality was designed to help determine whether the user was pressing any of the special audio keys, so the driver could react accordingly. Researchers believe the extended capabilities may very well be the result of negligence as there is no evidence of malicious intent.
The company claims the bug doesn't allow it to access customer data. It's worth mentioning that HP has moved quite fast in releasing an update to fix the situation.

法规遵从是来自政府和行业的外部压力,内部压力还是源自业务的安全保障需要。

猜您喜欢

盒装的“信息安全意识培训系统”上市
一分钟快速了解基础信息安全理念
安环人员眼中的最简单不过的EHS知识竟然可以这样宣传
刘晓庆晒与老公生活照 穿情侣装很甜蜜!
HOTFROG STITCHRED
研究称密码需强健