A security researcher has discovered that hundreds of different HP laptop models ship with software that can record every keystroke a user makes.

HP has acknowledged that the issue affects 460 laptop models, and the company has already released a software update for affected models.

It’s worth noting that HP hadn’t installed the keylogger to spy on users. In fact, it’s not even active on most computers. But it poses a potential security risk, since an attacker who gains administrative rights to a computer might be able to enable it without the user’s knowledge.

Here’s the deal: the keylogger is built into a driver for the Synaptics touchpad hardware used in most of the company’s laptops released since 2012. It’s included for diagnostic and debugging purposes, but it’s disabled by default.

Security researcher Michael Myng was inspecting the Synaptics software to find a way to control the keyboard backlights on HP laptops when he noticed the included keylogging feature. He says that after he contacted HP, the company “replied terrificly fast,” confirmed the issue, and released an update.

The list of affected computers includes members of the HP Pavilion, Envy, Spectre, EliteBook, ProBook, and Omen lines. If you’ve got an HP laptop, it’s probably a good idea to download and install the update.

There’s also a chance the issue affects non-HP computers. HP’s security update notes that the vulnerability “impacts all Synaptics OEM partners.”

via BBC

 


4 replies on “HP provides update for hundreds of laptop models that have hidden keylogger”

  1. What other notebooks use this Synaptics software? Seems like it’d be more than just HP.

    1. I have a 2013 era Toshiba and a 2010 era eMachines that use Synaptics touch pads and drivers. I thought the vast majority of laptops use Synaptics touch pads and drivers.

  2. Wow, this is quite terrifying. It shouldn’t have happened in the first place, Synaptics.
    Just imagine if someone had discovered this earlier, and used it to spy on users.

    Imagine, if they were able to access your account and steal, for example, 900 Bitcoins.
    That’s a big risk there.

  3. Thanks for that. I would just point out that when you search for your model of computer, HP did it rather oddly. Their model numbers include zeros, but they also used zeros to mean X (e.g. some value between 1 and 9). So search only the first two or three characters of your model number.

    Also, these are signed by Microsoft, so I wonder how long it will be before Windows update pushes them out?
