A built-in keylogger has been discovered on a host of HP laptops for the second time in 2017.
The hidden software was discovered by security blogger Michael Myng, who also goes by the handle ZwClose. According to Myng’s post, he found the keylogger in the keyboard driver when he was looking for more information on how the keyboards on certain models were backlit.
“The keylogger saved scan codes to a WPP trace. The logging was disabled by default but could be enabled by setting a registry value (UAC required),” Myng wrote in the post.
After Myng initially noticed what looked like the format string for a keylogger, he began to dig deeper. However, without having an HP laptop of his own, he couldn’t look as deeply as he wanted to, the post said. So, he reached out to HP.
After Myng messaged HP, the company replied and confirmed the keylogger, which he noted was actually a debug trace. A patch has since been released that removes the keylogger, but users must update their machines to get it.
HP has since launched a web page listing which laptop models are affected, including a link to the update. The issue affects commercial notebooks, mobile thin clients, mobile workstations, and consumer laptops as well. HP users should check the list of affected devices on the web page to see if their model is listed.
Unfortunately, this isn’t the first time a keylogger has been found on HP laptops. Back in May 2017, a keylogger was found in an audio driver package present in many HP laptops, according to security firm ModZero.
While neither instance of the keylogger may have been malicious, the presence of such surveillance software could be detrimental to HP’s brand image among consumers. Personal privacy is a major concern among users, and any software that seems like it could potentially violate that privacy could drive users away.
The 3 big takeaways for TechRepublic readers
- A built-in keylogger was found in a huge number of HP laptops by security blogger Michael Myng, also known as ZwClose.
- Found in the keyboard driver, the keylogger saved scan codes to a WPP trace, but it was disabled by default, Myng reported in his post.
- HP users should check the list of affected machines on HP’s web page for the keylogger, and follow the necessary steps to update their machine.