Security researcher Micheal Myng has identified keylogging code in HP laptop’s touchpad drivers. Mr. Myng discovered this in August 2017 when he was trying to figure out how to control the laptop’s keyboard backlight. He found that this keystroke logger was able to record any kind of keystroke ever struck by the laptop’s user.
The keystroke logger was disabled by default in the laptop’s software. But anyone with administrative privileges could activate it by altering a simple registry. This has been deemed as a “potential security vulnerability”.
Hp users are advised to download a patch which removes the keylogger from the operating system as soon as feasible. There is a long list of HP and Compaq models affected by this keylogger code amounting to around 460 in total. This includes models in the EliteBook, ProBook, Pavilion, and Envy ranges.
The statement released by HP states that neither HP nor Synaptics (SYNA, +2.70%), the company which provides the touchpad drivers, “has access to customer data as a result of this issue.” This code was integrated there to help developers fix problems with the touchpad.
HP has been in hot waters in May 2017, when similar keystroke logger was discovered in their laptop’s audio drivers. Swiss security firm Modzero said that the keylogger activity was discovered in the Conexant HD audio driver package (version 184.108.40.206 and earlier), found on dozens of HP business and enterprise laptop models, including HP Elitebook, ProBook, and ZBook models — including the latest Folio G1 laptop. A spokesperson for HP said in a brief statement that, “HP is committed to the security and privacy of its customers and we are aware of the keylogger issue on select HP PCs. HP has no access to customer data as a result of this issue.”
Last month in November 2017, HP was accused of quietly installing spyware on Windows PCs. In a statement shared with PC Mag, HP said,”HP Touchpoint Analytics is a service we have offered since 2014 as part of HP Support Assistant. It anonymously collects diagnostic information about hardware performance. No data is shared with HP unless access is expressly granted. Customers can opt-out or uninstall the service at any time. HP Touchpoint Analytics was recently updated and there were no changes to privacy settings as part of this update. We take customer privacy very seriously and act in accordance with a strict policy.”