HP patches hundreds of laptops to remove hidden keylogger
Your touchpad can listen to your keyboard.
If you bought an HP laptop anytime in the last five years, it could be tracking your every keystroke. Over the weekend HP revealed that nearly 500 of its notebooks dating as far back as 2012 shipped with a secret keylogger installed. Alongside the announcement, HP released driver updates to eradicate the software on affected laptops.
Security researcher Michael Myng ( go. pcworld.com/hpky) discovered the keylogger when probing the Synaptics touchpad software on an HP laptop. HP’S security bulletin says the “potential security vulnerability” affects all laptops with “certain versions of Synaptics touchpad drivers”—not necessarily just HP models.
The keylogger is disabled by default, however. “A party would need administrative privileges in order to take advantage of the vulnerability,” the bulletin states. “Neither Synaptics nor HP has access to customer data as a result of this issue.” HP told Myng that the keylogger was a debugging tool.
HOW TO REMOVE THE KEYLOGGER IN HP LAPTOPS
The same security bulletin ( go.pcworld.com/ scty) includes separate software update links for every HP laptop loaded with the keylogger. HP says you should install those updates “as soon as possible.” CSO ( go. pcworld.com/keyl) counted them all up and found a total of 475 affected laptops, with 303 being consumer laptops. Spectre, Envy, Pavilion, Omen, Compaq—they all contain the keylogger.
You’ll need to know your laptop’s model number to download the correct software package. You can find HP laptop model numbers by looking for the information on a sticker on the bottom of the machine. If you don’t see the sticker, you can press Fn + Esc simultaneously to summon HP’S System Information window. You’re looking for the “product name” entry. Once you know it, head to HP’S security bulletin, press Ctrl + F, and type in your laptop’s details to quickly find the correct update for your system. You don’t want to sift through all 475 listings individually to find the right one!
This isn’t the first time HP has run into keylogging trouble in 2017. In May ( go. pcworld.com/ptch), HP patched 30 laptops after a diagnostic update to the audio drivers accidentally resulted in capturing every keystroke and saving it to a local file. We’re leaving superb systems like the HP Spectre x360 ( go.pcworld.com/x360) on Pcworld’s list of the best laptops ( go.pcworld.com/ best) because the actions weren’t nefarious, but here’s hoping the company steps up its software quality assurance going forward.