Consumers with HP laptops that have been accidentally recording their keystrokes can easily address the problem with a patch from the PC maker.
More than two dozen HP laptop models, including the EliteBook, ProBook and ZBook, have an bug in the audio driver that will act as a keylogger, a Swiss security firm said Thursday. A list of affected products can be found here.
Fortunately, HP began rolling out fixes through its support page, and in a Windows update, starting on Thursday, HP Vice President Mike Nash said.
The problem has been found affecting certain HP laptops made since 2015. In some cases, it stores all the captured keystrokes in a log file on the PC.
In other cases, the bug will pass the keystrokes to a Windows debugging interface on the machine, exposing them to possible capture.
The security firm Modzero noticed the problem last month and reported it to HP, which prompted the PC maker to investigate it and work on a fix, Nash said in an interview.
“There was some debugging code in the audio driver that was mistakenly left there,” he said. “It was left there by accident. The intent was to help us debug a problem.”
HP’s patch will remove the flaw from the PC's audio driver and also delete the log file that was storing the keystrokes.
On Thursday, HP published the first patches, which fix the problem in laptops made in 2016 and 2017. On Friday, HP will publish publish patches for units from 2015.
Consumers can download the patch from HP’s support page, by looking up their laptop's name and downloading a new audio driver. They should also receive the fix in an update coming through Windows Update, Nash said.
HP has been in talks with Conexant, the supplier of the audio driver, about fixing the problem, Nash said.
“It’s something Conexant should have identified and removed,” Nash said. “We want to make sure this doesn’t happen again.”
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.