HP Issues Fix For Keylogger Found On Several Laptop Models

HP says it has a fix for a flaw that caused a number of its PC models to keep a log of each keystroke a customer was entering. The issue, caused by problematic code in an audio driver, affected PC models from 2015 and 2016. From a report: HP has since rolled out patches to remove the keylogger, which will also delete the log file containing the keystrokes. A spokesperson for HP said in a brief statement: "HP is committed to the security and privacy of its customers and we are aware of the keylogger issue on select HP PCs. HP has no access to customer data as a result of this issue." HP vice-president Mike Nash said on a call after-hours on Thursday that a fix is available on Windows Update and HP.com for newer 2016 and later affected models, with 2015 models receiving patches Friday. He added that the keylogger-type feature was mistakenly added to the driver's production code and was never meant to be rolled out to end-user devices. Nash didn't how many models or customers were affected, but did confirm that some consumer laptops were affected. He also confirmed that a handful of consumer models that come with Conexant drivers are affected.

Re:Wipe it

The driver containing the keylogger was distributed by Windows Update.. Unless you deactivated driver loading from Windows update, your wiped laptop is also affected.

Re:Fine.

[Megane]

From what I saw yesterday, the "explanation" is:

1: mediocre programmer guy wants to check the keystrokes that affect volume control, adds a keylogger to the code for debugging
2: poor version control, or a total lack thereof, combined with lack of code review, allows "temporary" debugging keylogger code to become part of and remain enabled in main-line production code
3: someone eventually discovers it and SHTF

In other words, Hanlon's Razor.