HP patches hundreds of laptops to remove hidden keylogger

Your touchpad can listen to your keyboard.

If you bought an HP laptop any time in the last five years, it could be tracking your every key stroke.

Over the weekend HP revealed that nearly 500 of its notebooks dating as far back as 2012 shipped with a secret keylogger installed. Alongside the announcement, HP released driver updates to eradicate the software on affected laptops.

Security researcher Michael Myng discovered the keylogger when probing the Synaptics touchpad software on an HP laptop. HP’s security bulletin says the “potential security vulnerability” affects all laptops with “certain versions of Synaptics touchpad drivers”—not necessarily just HP models. The keylogger is disabled by default, however.

“A party would need administrative privileges in order to take advantage of the vulnerability,” the bulletin states. “Neither Synaptics nor HP has access to customer data as a result of this issue.” HP told Myng that the keylogger was a debugging tool.

The same security bulletin includes separate software updates for every HP laptop loaded with the keylogger, and HP says you should install those updates “as soon as possible.”

CSO counted them all up and found a total of 475 affected laptops, with 303 being consumer laptops. Spectre, Envy, Pavilion, Omen, Compaq—they all contain the keylogger.

You’ll need to know your laptop’s model number to download the correct software package. You can find HP laptop model numbers by looking for the information on a sticker on the bottom of the machine. If you don’t see the sticker, you can press Fn + Esc simultaneously to summon HP’s System Information window.

You’re looking for the “product name” entry. Once you know it, head to HP’s security bulletin, press Ctrl F, and type in your laptop’s details to quickly find the correct update for your system. You don’t want to sift through all 475 listings individually to find the right one! 

This isn’t the first time HP has run into keylogging trouble in 2017. In May, HP patched 30 laptops after a diagnostic update to their audio drivers accidentally resulted in every stroke being captured and saved to a local file.

We’re leaving superb systems like the HP Spectre x360 on PCWorld’s list of the best laptops since the actions weren’t nefarious, but here’s hoping the company steps up its software quality assurance going forward.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags HP

More about CompaqCSOHPSynaptics

Show Comments
[]