What is this “Keylogger” business?
On December 20, 2017 in General, Support Cases by Matthew Burger
In an era where we are all sensitive to computing security issues, whether from foreign powers, internal leaks, or nefarious hackers, we are increasingly bombarded with media reports about new and seemingly disastrous computer security vulnerabilities. Some of these threats are very real, and some are somewhat hyperbolic. The reality of the situation is that each of these potential vulnerabilities must be assessed objectively for the impact that it may actually have on an organization or individual.
For example, in 2017 when Equifax was breached and 145.5 million Americans’ personal information was exposed, the alleged culprit was a flaw in a design tool used to build web sites. The flaw was reported months before the attack. This is an example of a very real vulnerability resulting in very real losses.
In another example, the KRACK wi-fi vulnerability, widely covered in the media, would allow malevolent parties to eavesdrop on the datastream when a device was connected to public wi-fi connections. This vulnerability seems very serious and indeed potentially could be. It must be stated that the reality of the situation is that devices are connected to various unknown or unsecured wi-fi routers on a regular basis without concern for the potential of exposed datastreams. Notably, the vulnerability could also be used to inject code, presumably malware, into unprepared websites in order to infect machines (think ransomware). However, an attacker would need to be within range of the targeted wi-fi network. This greatly diminishes the potential for damage in many cases. Also, the network traffic could be eavesdropped upon only if it is not encrypted (think HTTPS or VPN). So, is the vulnerability real? Yes. Is it serious? Well, it could be. If network services are sufficiently protected/encrypted, the risk is ultimately rather low.
That brings us to the “keylogger” issue. Its name and description would lead us to believe that it is very dangerous, particularly when combined with other attacks designed to transfer the logged results of the keylogging to a nefarious party. In May of 2017, HP released an audio driver that contained the keylogger vulnerability. Again in December of 2017 HP released a touchpad driver that contained the same or similar vulnerability. The same questions apply. Is the vulnerability real? Yes. Is it serious? It could be. Again, if network services, particularly access to the logged results, are sufficiently protected, the risk is low. In the case of the touchpad driver, Synaptics claims that the keylogger feature is part of a “debug tool”:
“The debug tool cannot be turned on or used except by a person with Admin access and special developer tools. When turned on, the debug tool collects data in a proprietary binary format for a rolling memory buffer that gets either overwritten or deleted every time a power event happens.”
That said, of course all of these vulnerabilities should be remediated. By the same token, steps should be taken, or in some cases should have been taken, to secure local access to machines and to secure communications over business (and public) networks. I know, I know… Mistakes happen; things get missed. We all do our best. On that note, Big Bang LLC takes each of these matters seriously when they are reported. We do our very best to ensure that the drivers that are delivered with the UIU are the most recent and secure versions available from component manufacturers and OEMs. We encourage all of our customers to bring potentially vulnerable drivers to our attention so that we may update or eliminate them from consideration by the UIU.
Reports of potentially vulnerable drivers may be submitted to UIU Support.