HP rolls out patch to fix keylogging bug in certain laptopsMay 13, 2017 – 7:10 AM
Consumers with HP laptops that have been accidentally recording their keystrokes can easily address the problem with a patch from the PC maker.
More than two dozen HP laptop models, including the EliteBook, ProBook and ZBook, have an bug in the audio driver that will act as a keylogger, a Swiss security firm said Thursday. A list of affected products can be found here.
Fortunately, HP began rolling out fixes through its support page, and in a Windows update, starting on Thursday, HP Vice President Mike Nash said.
The problem has been found affecting certain HP laptops made since 2015. In some cases, it stores all the captured keystrokes in a log file on the PC. In other cases, the bug will pass the keystrokes to a Windows debugging interface on the machine, exposing them to possible capture.
The security firm Modzero noticed the problem last month and reported it to HP, which prompted the PC maker to investigate it and work on a fix, Nash said in an interview.
“There was some debugging code in the audio driver that was mistakenly left there,” he said. “It was left there by accident. The intent was to help us debug a problem.”
HP’s patch will remove the flaw from the PC’s audio driver and also delete the log file that was storing the keystrokes.