Update your laptop now to remove HP ‘keylogger’
Ifyou own an HP laptop, you need to check whether the company pre-installed secret software that records what you type on your keyboard.
The company has admitted that the program was built into more than 460 of its laptop models, stretching back to devices made in 2012. It includes laptops in the Elitebook, Probook, Pavilion and Envy ranges.
It was discovered by security researcher Michael Myng (who blogs as Zwclose at www.snipca.com/26561), when he inspected Synaptics Touchpad drivers on an HP laptop. He described it as a keylogger, but Synaptics called this a “mischaracterisation” in an attempt to dampen the furore.
The company said it added the tool to drivers in order to help all manufacturers – not just HP – fix problems with the touchpad as the computer is being made. This was confirmed by HP. But these ‘debug’ tools are usually removed from a computer before it goes on sale to the public.
Myng said the keylogger was disabled by default, but could be turned on by a hacker who gained access to the laptop, allowing them to record what is typed.
He said that after he told HP about the keylogger the company replied “terrifically fast” to acknowledge its presence. HP said that neither it nor Synaptics could use the keylogger to access customer data. It has released a list of affected laptops and issued a software update to replace the driver (see box), calling it a “potential security vulnerability”.
Synaptics apologised for “any concerns” the tool raised, and pledged to remove it from its driver due to the “new normal of heightened concern for security and privacy”.
Second keylogger in 2017
It’s the second time in eight months that keyloggers have been detected in HP laptops. In May Swiss security firm Modzero discovered a similar tool in the Conexant HD driver, which controls audio on HP laptops.
It could have been used to collect data including passwords, website addresses, and private messages. HP quickly released an update that replaced it, saying it had been installed by mistake.
It’s true that companies can change their terms and conditions, but they’re not allowed to make false claims in adverts or marketing material. Whether Y-cam broke the rules depends on what is meant by the word ‘forever’. Customers will say the meaning is obvious, but the strict legal definition may be different. We’ve received many complaints, and have contacted Trading Standards and the Advertising Standards Authority. We’ll update you soon in Consumeractive.