HP touchpad driver with keylogger found, may affect many other notebooks

Yolanda Curtis
December 11, 2017

HP has since launched a web page with all the relevant information for which laptop models are affected, including link to the update.

Researcher Michael Myng was trying to work out how to control the backlight on an HP laptop keyboard. HP responded quickly after reporting his findings to the company and said it was code that was left over during debugging.

A keylogging tool found on hundreds of HP notebooks is getting a lot of tech sites riled up, but it doesn't appear to be the privacy nightmare that some may have you believe.

The company issued a software update removing the keylogger, which is available from HP or through Windows Update. In its advisory, HP noted that "a potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impacts all Synaptics OEM partners".

A keylogger is capable of stealthily recording everything the user types on the keyboard (like logins and passwords), so this is clearly a major problem. HP states that "A party would need administrative privileges in order to take advantage of the vulnerability". Affected models include EliteBook, ProBook, Envy, Spectre, and many more.

HP had said that it built this software to help debug errors. "HP has no access to customer data as a result of this issue". HP made sure to note that "neither Synaptics nor HP has access to customer data as a result of this issue". "They replied terrifically fast, confirmed the presence of the keylogger (which actually was a debug trace) and released an update that removes the trace". Back in May 2017, a keylogger was found in an audio driver package present in many HP laptops, according to security firm ModZero.

We urge our readers to head to the HP support website to see whether their notebook is affected by this bug and if it is download the accompanying security patch.

Other reports by iNewsToday