HP has gotten caught yet again hiding shady keylogging software in its laptops, potentially allowing hackers to record every letter a user types. In May 2017, it was discovered in audio drivers. This time, it was found in pre-installed software drivers connected directly to the keyboard.
Security researcher Michael Myng uncovered the keylogging software while trying to figure out how to control his friend’s keyboard backlight. He opened up the keyboard driver and noticed a few tell-tale strings after some browsing. Diving deep, he came to the conclusion that they lead to a hidden keylogger in a Synaptics device driver.
The potentially malicious piece of software wasn’t actually active, but could be if an attacker got physical access to the device and made some changes. From there, it would be easy enough to record a person’s activities and steal sensitive information like passwords.
Myng sent across an email to HP and got a response immediately. The company confirmed the presence of the keylogger and claims that it was installed to help debug errors. It later worked with Synaptics to provide fixes for the affected models now that it considers the software a “potential security vulnerability.”
The complete list includes a whopping 460 models in all, stretching all the way back to 2012. Most of HP’s popular lineups get a mention such as the EliteBook, Envy, ProBook, and Pavilion. You can check out the list here. The same link includes software patches which the brand issued in the wake of the discovery.