Pre-installed keylogger discovered on nearly 500 HP laptop models
A security researcher has discovered pre-installed keylogging software on hundreds of different HP laptop models.
The potential security vulnerability was discovered by security researcher Michael Myng, who detailed the malware in a blog post. According to Myng, he discovered the code while attempting to control the keyboard backlight on an HP laptop. The keylogging software was hidden in the laptops’ keyboard drivers, the software responsible for the functioning of the keyboard.
Myng said that the keylogger was deactivated by default, although an attacker with administrative privileges would be able to use the code to track everything a user was typing, including passwords, personal banking details and private messages.
HP has stated that more than 460 different laptop models – including models in the Pavilion, Stream, ProBook and Envy ranges dating back as far as 2012 – had been affected by the keylogger.
The company said that the code had originally been installed in order to help debug errors in Synaptics’ software, and it has since issued a patch for customers to deal with the security vulnerability. The company has not suggested how many users may have been affected by the hidden software.
“HP uses Synaptics’ touchpads in some of its mobile PCs and has worked with Synaptics to provide fixes to their error for impacted HP systems,” it said in a statement.
“HP is committed to the security and privacy of its customers and we are aware of the keylogger issue on select HP PCs. HP has no access to customer data as a result of this issue.”
The discovery is a further embarrassment for HP, given that in May 2017 similar keylogging software was discovered pre-installed in the Conexant audio drivers of a number of its laptop models.
As major data leaks and other security and privacy breaches hit the headlines, large technology companies are facing scrutiny over their ability to guarantee the privacy and security of their customers’ private data.