HP releases security fix after 'keylogging' discovery

Study finds a 'covert storage channel' for user keyboard inputs was packaged with laptop audio software

HP Security
(Image credit: Justin Sullivan/Getty Images)

Hewlett-Packard (HP) has issued a security update after it was discovered user keyboard inputs were being recorded on some of its computers.

Security firm Modzero found a "covert storage channel for sensitive data" had been packaged in with audio driver software developed by Conexant on several HP laptops and was recording the user's keystrokes.

"This type of debugging turns the audio driver effectively into a keylogging spyware," it said. Information in the software's meta-data indicated it "already existed on HP computers since at least Christmas 2015".

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

SUBSCRIBE & SAVE
https://cdn.mos.cms.futurecdn.net/flexiimages/jacafc5zvs1692883516.jpg

Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

While files containing logged keyboard inputs are "overwritten after each computer reboot", says ArsTecnica, they could be restored using certain "forensic tools".

Information held would include "a comprehensive history of everything that was typed on the keyboard", including "passwords, e-mails, and contacts".

HP issued a security update "for some of the affected models" yesterday, says the Daily Telegraph. The remaining laptops are expected to be patched today.

A total of 28 computer variants were found to contain the "bug", continues the paper, including the high-end EliteBook and ProBook models.

HP told Cnet:"Our supplier partner developed software to test audio functionality prior to product launch and it should not have been included in the final shipped version."

It added that despite the software's ability to record user data, the company did not have access to customer information.

Continue reading for free

We hope you're enjoying The Week's refreshingly open-minded journalism.

Subscribed to The Week? Register your account with the same email as your subscription.