HP Patched Keylogger Function

By   ISBuzz Team
Writer , Information Security Buzz | May 12, 2017 01:10 pm PST

Following the news that HP has now patched the keylogger function installed with its audio drivers, Kyle Lady commented below.

Kyle Lady, Sr R&D Engineer at Duo Security:

“Any sort of 2FA that is “out of band”—uses a different communication channel than the keyboard—can protect you from a keylogger. This include push-to-mobile-app, U2F security key, or phone call. If your 2FA method requires that you type in a passcode, from an app, a token, or an SMS message, this would still get logged. It wouldn’t be useful to an attacker in the future, but if an attacker could read your keystrokes in real-time, they might be able to use the same code before it expires. Keyloggers are rare, compared to phishing, so some sort of 2FA is better than no 2FA, but this is why we recommend U2F security keys and push-based apps as the *most* secure options. NIST even has retracted their endorsement of SMS-based passcodes due to the potential for successful attacks against that factor.”

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x