It could have been used to collect data including passwords, website addresses, and private messages. HP quickly released an update that replaced it, saying it had been installed by mistake.
If you own an HP laptop, you need to check whether the company pre-installed secret software that records what you type on your keyboard.
The company has admitted that the program was built into more than 460 of its laptop models, stretching back to devices made in 2012. It includes laptops in the EliteBook, ProBook, Pavilion and Envy ranges.
It was discovered by security researcher Michael Myng, when he inspected Synaptics Touchpad drivers on an HP laptop. He described it as a keylogger, but Synaptics called this a “mischaracterisation” in an attempt to dampen the furore.
The company said it added the tool to drivers in order to help all manufacturers – not just HP – fix problems with the touchpad as the computer is being made. This was confirmed by HP. But these ‘debug’ tools are usually removed from a computer before it goes on sale to the public.
Myng said the keylogger was disabled by default, but could be turned on by a hacker who gained access to the laptop, allowing them to record what is typed.
He said that after he told HP about the keylogger the company replied “terrifically fast” to acknowledge its presence. HP said that neither it nor Synaptics could use the keylogger to access customer data. It has released a list of affected laptops and issued a software update to replace the driver (see box), calling it a “potential security vulnerability”.
Synaptics apologised for “any concerns” the tool raised, and pledged to remove it from its driver due to the “new normal of heightened concern for security and privacy”.
Second keylogger in 2017
It’s the second time in eight months that keyloggers have been detected in HP laptops. In May Swiss security firm Modzero discovered a similar tool in the Conexant HD driver, which controls audio on HP laptops.
Were Oscar Wilde alive now to comment on computing blunders, he’d say that to install one keylogger may be regarded as a misfortune; to install two looks like carelessness. Thankfully, HP understands the importance of reacting swiftly to security scares, so you should be safe if you update the driver, as explained below. But only a fool would expect 2018 to be free of similar flaws. And only a bigger fool would expect all manufacturers to respond as quickly as HP.
WHAT YOU SHOULD DO
Visit HP’s site (www.snipca.com/26548) to check whether your laptop is listed. If it is. click the blue link next to it to download the update, which will replace the driver.