Word went out yesterday that several of HP’s laptop models dating back to December 2015 contain a keylogger as part of an audio driver provided by Conexant. Now HP has a fix for the issue. p
The keylogging issue was discovered by Swiss security firm ModZero. While the intent on behalf of Conexant was not malicious, the audio chip maker apparently took a poor approach of coding its audio drivers to monitor and record keystrokes to detect when a hotkey is pressed. This allowed users to press key combinations for things like turning a microphone on and off.
On affected laptops, key presses get recorded and stored in a plain text log file. Even though the logs are wiped clean whenever a user logs off, every keystroke is recorded while logged in, including personal communications, passwords, and so forth.
ModZero said it tried contacting HP and Conexant about the issue, but was shrugged off by HP Enterprise and flat out ignored by HP Inc. and Conexant. Due to not being will to work with them, ModZero publish the information in accordance with its responsible disclosure process.
Now , HP has begun pushing out a patch through both Windows Update and its own website.
“HP is committed to the security and privacy of its customers and we are aware of the keylogger issue on select HP PCs. HP has no access to customer data as a result of this issue,” HP told ZDNet.
