HP issues fix for keylogger found on hundreds of laptop models
HP has released a patch for a keylogger hidden on hundreds of its laptops.
For the second time in 2017, HP is rolling out a patch to address a keylogger hidden on some of its laptops. And while the security flaw doesn't appear to be the result of any malintent, it affects hundreds of PC models shipped since 2012.
Initially discovered by a security researcher going by the name ZwClose (via PCWorld), the keylogger was included in the Synaptics Touchpad keyboard driver found on the affected laptops. The logging function was a debugging tool that was off by default, HP says, but it still posed a potential risk for exploitation by malicious software.
Fortunately, HP responded quickly after being alerted to the logger, ZwClose says. In a security bulletin (opens in new tab), HP has acknowledged the issue, stating:
For now, HP has provided patches (opens in new tab) for all of the affected laptop models, which number nearly 500. Affected models include EliteBook, ProBook, Envy, Spectre, and many more. According to ZwClose, the update will be automatically delivered via Windows Update as well.
This follows a similar incident from May, in which a keylogger was found to be included in a Conexant audio ddriver on some HP laptops. In that situation, keystrokes were actually being logged, but HP was quick to roll out a patch to remove the keylogger, as well as the log file associated with it.
Windows Central Newsletter
Get the best of Windows Central in your inbox, every day!
Dan Thorp-Lancaster is the former Editor-in-Chief of Windows Central. He began working with Windows Central, Android Central, and iMore as a news writer in 2014 and is obsessed with tech of all sorts. You can follow Dan on Twitter @DthorpL and Instagram @heyitsdtl.
Which goes to show sometimes relying OEM drivers is not the best solution... Will need to triple check my probook when i get home..
HP initially denied that their devices had a keylogger on them in the first place. So HP, why are you fixing something that supposedly wasn't there anyway?