Hidden Keylogger Discovered On HP Laptops

Share

According to a report by the BBC, "Security researcher Michael Myng found the keylogging code in software drivers preinstalled on HP laptops to make the keyboard work".

Hackers would need physical access to your computer to activate the keylogger.

Myng was in the process of inspecting the company's Synaptics Touchpad software to figure out how to control the backlight on his own HP laptop when he first discovered the keylogger. Many older Compaq models are on the list as well.

After consulting with HP he learned the keylogger is present within a huge range of Envy, Elitebook, Pavillion and ProBook laptops, dating all the way back to 2012. Customers can download the updated driver from HP's website.

The security researcher, nicknamed ZwClose, found the bug when they were investigating the driver for ways that it can be used to adjust keyboard lighting.

While it seems that the code's inclusion was accidental, it's still not a good look for HP, given that the manufacturer was found earlier this year to be using Conexant audio drivers that also contained a keylogger.

Iraq Celebrates Victory Over Daesh With Military Parade
Some three million Iraqis remain displaced by the war, and municipal services have yet to be restored in many liberated areas. ISIS overran almost a third of Iraqi territory including Mosul, the country's second largest city, in the summer of 2014.

After messaging HP, the company replied to Myng and confirmed the keylogger, which he noted was actually a debug trace.

HP notes in an advisory the "potential security vulnerability" stems from certain versions of Synaptics touchpad drivers.

Before the issue was publicly disclosed, HP owned up to the mistake of leaving this tool inside of its laptops, and on November 7 posted device-specific patches for most of the models affected, which can be downloaded here.

HP said neither it nor Synaptics "has access to customer data as a result of this issue". Now, it appears there's yet another keylogger embedded in a piece of HP software. It also affected numerous models, including HP EliteBooks, ProBooks, and ZBooks.

The company issued a software update removing the keylogger, which is available from HP or through Windows Update.

Share