HP releases security fix after 'keylogging' discovery
Study finds a 'covert storage channel' for user keyboard inputs was packaged with laptop audio software
Hewlett-Packard (HP) has issued a security update after it was discovered user keyboard inputs were being recorded on some of its computers.
Security firm Modzero found a "covert storage channel for sensitive data" had been packaged in with audio driver software developed by Conexant on several HP laptops and was recording the user's keystrokes.
"This type of debugging turns the audio driver effectively into a keylogging spyware," it said. Information in the software's meta-data indicated it "already existed on HP computers since at least Christmas 2015".
While files containing logged keyboard inputs are "overwritten after each computer reboot", says ArsTecnica, they could be restored using certain "forensic tools".
Information held would include "a comprehensive history of everything that was typed on the keyboard", including "passwords, e-mails, and contacts".
HP issued a security update "for some of the affected models" yesterday, says the Daily Telegraph. The remaining laptops are expected to be patched today.
A total of 28 computer variants were found to contain the "bug", continues the paper, including the high-end EliteBook and ProBook models.
HP told Cnet:"Our supplier partner developed software to test audio functionality prior to product launch and it should not have been included in the final shipped version."
It added that despite the software's ability to record user data, the company did not have access to customer information.