HP Responds To Pre-Installed Keylogger On Laptops
HP has issued a fix for dozens of its commercial and consumer laptop models that were found to be logging the keystrokes of users.
The Swiss cybersecurity firm Modzero published a whitepaper about the issue last week, which found a keylogger had been hidden within the Conexant audio driver that comes pre-installed on some of HP’s laptops.
“This capability was created by Conexant during the development process to help debug an audio issue,” said HP’s VP of Customer Experience Mike Nash.
“Adding debug code is a normal part of the development process and such code is supposed to be removed and never included in a commercially available product. Unfortunately, in this case, Conexant did not remove the code. We certainly never intended to include this code in shipped products.”
While some reports had suggested the logged data was being sent to HP, it actually remained on the computer and was erased any time a user logged off or restarted the laptop according to HP.
This still presented a security risk, with the logs potentially containing sensitive data like passwords and bank details, which prompted HP to quickly respond.
An update has been issued on HP’s website, while the company said it was in the process of pushing the update out via Microsoft’s Windows Update Service.
“While HP didn’t create the driver, our job is to keep the customer safe even when the issue is with third-party code. We have learned from this situation and will work to with our partners to further verify the debug code is removed from their software before it goes final,” Nash said.
More information about the issue and the affected systems can be found on HP’s security advisory.