UPDATE: HP Issues Patch For Factory Installed Keylogger

HP has issued a patch for the recently reported keylogger installed on various laptops, after Swiss security firm Modzero reported the software last Thursday in the Conexant HD audio driver package found on dozens of HP laptop models.

The driver stored every keystroke in an unencrypted text file on the user’s hard drive, which included passwords, visited websites, and any other sensitive information – all vulnerable to malware or anyone with local access.

In a statement, the company said “HP is committed to the security and privacy of its customers and we are aware of the keylogger issue on select HP PCs. HP has no access to customer data as a result of this issue”

In an after-hours call Thursday, HP vice president Mike Nash said the keylogger was mistakenly added to the driver’s production code and was not meant to be rolled out to end users. The patch is now available on Windows Update and HP.com for affected models.

The keylogger was scheduled to start automatically upon boot, with it’s stated function to detect user input so it could react to shortcut functions such as microphone mute/unmute. The application then logged each keystroke in a text file, which was overwritten upon the next login.

Ugh! Upgraded to latest HP / Conexant audio driver, and it started to log every key I pressed. Ping @samilaiho @AdaptivaAmi @mod0 pic.twitter.com/1q3eULocIO

— Johan Arwidmark (@jarwidmark) May 11, 2017

Wither an innocent mistake or something more nefarious, it’s disconcerting to think that a pre-installed factory program would log keystrokes and store them in an unencrypted local file. Good thing there are security firms like Modzero who are actively hunting for such vulnerabilities…