A security researcher has discovered that hundreds of different HP laptop models ship with software that can record every keystroke a user makes.
HP has acknowledged that the issue affects 460 laptop models, and the company has already released a software update for affected models.
It’s worth noting that HP didn’t install the keylogger to spy on users. In fact, it’s not even active on most computers, but it poses a potential security risk: an attacker who gains administrative rights to a computer might be able to enable it without the user’s knowledge.
Here’s the deal: the keylogger is built into a driver for the Synaptics touchpad hardware used in most of the company’s laptops released since 2012. It’s included for diagnostic and debugging purposes, but it’s disabled by default.
Security researcher Michael Myng was inspecting the Synaptics software to find a way to control the keyboard backlights on HP laptops when he noticed the included keylogging feature. He says that after he contacted HP, the company “replied terrifically fast,” confirmed the issue and released an update.
The list of affected computers includes members of the HP Pavilion, Envy, Spectre, EliteBook, ProBook, and Omen lines. If you’ve got an HP laptop, it’s probably a good idea to download and install the update.
There’s also a chance the issue affects non-HP computers. HP’s security update notes that the vulnerability “impacts all Synaptics OEM partners.”