HP is a very common name for both businesses and household IT. For this reason, it was especially concerning when more than two dozen models of HP laptops were found to contain a keylogger that recorded keystrokes into a log file.
Although HP quickly released patches to remove the keylogger, the concern lingered. Customers have very high expectations for large vendors to have top security in today’s world. However, even the largest of companies often do not have the resources to ensure security for all products and software. Furthermore, even the most secure software has its weak-points.
In this case, the vulnerability was discovered in the Conexant HD Audio Driver package, where the driver monitors for certain keystrokes used to mute or unmute audio. The keylogging functionality was likely used to help developers debug the driver, but unfortunately became a serious security concern for customers.
Although It is believed that the vulnerability was left in inadvertently, many wonder why a static or dynamic code analysis tool could not detect the vulnerability.
Related Video: Why a keylogger is in the audio driver and how to make sure it is not running on your devices
Working with an IT Services Company
For instances such as this, there are companies responsible for monitoring vendors. However, they may not always be able to catch every vulnerability. It can be very beneficial for companies to work with their own third party IT services company to monitor products and software from vendors before they are used in their networks.
These IT professionals are able to install a company’s own image on an endpoint before deploying it. These images would be used to analyze with dynamic or runtime application security tools to determine if any common vulnerabilities are present.
Security threats are a very real concern for companies in all industries. Partnering with a trusted IT team has become a common practice that ensures enterprise networks are always properly maintained and secure, even without full-time IT staff. Learn more about CCNY Tech’s Managed IT Services: Click Here