It was brought to attention this week that several HP laptop models, mostly dating back a couple of years, contain a keylogger that is actively recording.
Following an outcry from the media and users, HP has released a hot-fix that removes the keylogger from both newer and older HP laptop models. There is no confirmation on how many laptops were affected by the keylogger, but its inclusion was apparently a mistake and was never meant to reach the end-user in the first place.
“HP is committed to the security and privacy of its customers and we are aware of the keylogger issue on select HP PCs. HP has no access to customer data as a result of this issue,” HP told ZDNet.
According to security firm ModZero, the program was hidden inside an audio driver provided by Conexant. When the matter was brought into the public, an official representative of the company explained that it had no malicious intent. The keylogger was simply included to monitor and detect keystrokes so that users could press different key combinations for things like toggling a microphone on or off.
Conexant also added that the key presses were stored in a plain text log file on the system, and wiped clean whenever a user logged off. The problem lies in the fact that the keylogger was recording everything, including personal communications, passwords, and so forth.
ModZero, the first to discover the program, stated that it tried to contact both HP and Conexant about the issue. However, it wasn’t until the problem began spreading through social media that the companies began taking proper steps.