HP issues fix for keylogger found on hundreds of laptop models

For the second time in 2017, HP is rolling out a patch to address a keylogger hidden on some of its laptops. And while the security flaw doesn't appear to be the result of any malintent, it affects hundreds of PC models shipped since 2012.

Initially discovered by a security researcher going by the name ZwClose (via PCWorld), the keylogger was included in the Synaptics Touchpad keyboard driver found on the affected laptops. The logging function was a debugging tool that was off by default, HP says, but it still posed a potential risk for exploitation by malicious software.

Fortunately, HP responded quickly after being alerted to the logger, ZwClose says. In a security bulletin, HP has acknowledged the issue, stating:

A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impacts all Synaptics OEM partners. A party would need administrative privileges in order to take advantage of the vulnerability. Neither Synaptics nor HP has access to customer data as a result of this issue.

For now, HP has provided patches for all of the affected laptop models, which number nearly 500. Affected models include EliteBook, ProBook, Envy, Spectre, and many more. According to ZwClose, the update will be automatically delivered via Windows Update as well.

This follows a similar incident from May, in which a keylogger was found to be included in a Conexant audio ddriver on some HP laptops. In that situation, keystrokes were actually being logged, but HP was quick to roll out a patch to remove the keylogger, as well as the log file associated with it.

Dan Thorp-Lancaster

Dan Thorp-Lancaster is the former Editor-in-Chief of Windows Central. He began working with Windows Central, Android Central, and iMore as a news writer in 2014 and is obsessed with tech of all sorts. You can follow Dan on Twitter @DthorpL and Instagram @heyitsdtl