HP has issued a fix for a security flaw. Several HP laptop models were found to contain a pre-installed audio driver that came with a keylogger-type feature that recorded users' every keystroke. Security experts said that any malicious entity or malware with knowledge about the flaw and access to a user's files on affected computers could have harvested sensitive information, including passwords, private messages and more.
The flaw was uncovered by Swiss security firm Modzero, who said that the keylogger feature was found in the Conexant HD audio driver package, which was found in dozens of HP laptop models, including the recently released Folio G1 model as well as the HP Elitebook, ProBook, and ZBook models.
"There is no evidence that this keylogger has been intentionally implemented. Obviously, it is a negligence of the developers - which makes the software no less harmful," Modzero researchers said.
HP has since issued out patches to ensure that the keylogger feature is removed and any data log files are also deleted. "HP is committed to the security and privacy of its customers and we are aware of the keylogger issue on select HP PCs. HP has no access to customer data as a result of this issue," a spokesperson said.
HP vice-president Mike Nash told ZDNet that the keylogger feature was unintentionally added to the driver's production code and was never meant to be rolled out to end-user devices. Nash also confirmed that some laptops and a handful of other consumer models containing Conexant drivers were affected by the issue. However, the number of consumers affected by the issue remains unknown.
Nash also said that a fix was available via Windows update and HP.com for 2016 and later models. A fix for 2015 will be rolled out on Friday (12 May).