Some HP laptops exposed to criminal hacking

The convenience of a one-touch access through the HP Info Center on some laptops could also open a backdoor to criminal attack.

On Tuesday, a security researcher disclosed to Bugtraq, a public newsgroup, details of remote execution attacks on some models of Hewlett-Packard laptops. According to the researcher, who is using the name "porkythepig," flaws in HPInfoDLL.dll, one of the ActiveX controls used within the HP Info Center, could allow remote attackers to target the laptop and also execute registry changes on the compromised machine.

As of Wednesday, HP has not offered a response.

The scenario within the disclosure suggests that an attacker could lure a victim to a specially created Web site. When viewing the Web site in Internet Explorer, the ActiveX control within the HP Info Center could be compromised. If the victim uses a browser other than Internet Explorer, the browser would still call Internet Explorer to handle the ActiveX component on the specially created Web site.

Once a machine is compromised, an attacker could then install malware, change registry information in preparation for a more sophisticated attack, use the machine in a denial-of-service attack on itself or another target, or steal sensitive data from documents on the compromised machine.

A list of potentially vulnerable HP laptop models can be found in the full disclosure posted on BugTraq. To see whether your particular HP laptop is vulnerable, the researcher also provided a Web site (use this link at your own risk).

About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

     

    Join the discussion

    Conversation powered by Livefyre

    Show Comments Hide Comments
    Latest Galleries from CNET
    Tech industry's high-flying 2014
    Uber's tumultuous ups and downs in 2014 (pictures)
    The best and worst quotes of 2014 (pictures)
    A roomy range from LG (pictures)
    This plain GE range has all of the essentials (pictures)
    Sony's 'Interview' heard 'round the world (pictures)