HP Issues Fix For Keylogger Found On Several Laptop Models (zdnet.com)
HP says it has a fix for a flaw that caused a number of its PC models to keep a log of each keystroke a customer was entering. The issue, caused by problematic code in an audio driver, affected PC models from 2015 and 2016. From a report: HP has since rolled out patches to remove the keylogger, which will also delete the log file containing the keystrokes. A spokesperson for HP said in a brief statement: "HP is committed to the security and privacy of its customers and we are aware of the keylogger issue on select HP PCs. HP has no access to customer data as a result of this issue." HP vice-president Mike Nash said on a call after-hours on Thursday that a fix is available on Windows Update and HP.com for newer 2016 and later affected models, with 2015 models receiving patches Friday. He added that the keylogger-type feature was mistakenly added to the driver's production code and was never meant to be rolled out to end-user devices. Nash didn't say how many models or customers were affected, but did confirm that some consumer laptops were affected. He also confirmed that a handful of consumer models that come with Conexant drivers are affected.
Words fail me. Whether this was incompetence or a poorly-kept secret, the implications are troublesome. A clear demonstration that even mainstream commercial software can't be trusted in some pretty fundamental ways. Yet we conduct more and more of our personal and professional lives on and through software-controlled systems. The explanation is that it was done accidentally, which implies that it is relatively easy to do and will not be detected by whatever quality assurance processes are in place.
Nobody who reported this said it was sending the keystroke data to a server or anything. Just that it had been included in a driver and was apparently used in testing but never removed. Seems pretty benign and now HP has issued an update to correct it.
I'm pretty sure that RMS has been saying this for years. You cannot trust any closed source. You have no idea what it is doing. You are trusting unknown people with your data.