Security researcher ModZero discovered that some models of HP laptops come with pre-installed keylogger software that records what users press on the keyboard.
Owners of HP laptops are strongly advised to check their systems for the presence of the keylogger, which may have existed since at least December 2015.
HP Laptops With Keyloggers
In ModZero's blog post regarding the discovery, he revealed that the keylogger was found in an audio driver package included in HP laptops.
The driver, which was developed by audio chip manufacturer Conexant, is preloaded on over two dozen models of HP laptops, including the HP Elitebook, HP ProBook, and HP ZBook. The full list of affected devices can be found in a file that ModZero uploaded.
A keylogger, such as the one discovered inside HP laptops, is software that records whenever a key is pressed and released, and whether other keys were pressed alongside it. That includes the passwords that users type on their keyboards, even if the password is not displayed on the screen.
The purpose of the keylogger in Conexant's software is to recognize whether a certain special key is pressed and released, as this is tied to functions such as activating the microphone or reducing the volume of the speakers. However, the developer included several diagnostic and debugging features in the driver that record all of a user's keystrokes, which are either broadcast through debugging interfaces or stored in a file located in a public directory on the laptop's hard drive.
As such, anybody with local access to a user's files, or hackers who have infiltrated a laptop through malware, may be able to acquire the passwords stored by the keylogger.
ModZero noted that there is no evidence that the keylogger was intentionally included in the laptops by either HP or Conexant. However, the developer is still at fault, as the issue carried a significant security risk for users.
HP Rolls Out Fix For Keyloggers
HP has now rolled out patches that will remove the keylogger from the affected laptops, along with the log file that stored the recorded keystrokes. According to HP vice president Mike Nash, the fix is now available through HP.com and Windows Update for models released in 2016 and later. Affected laptops released in 2015 will receive the patch by today, May 12.
Users who do not want to wait for the patch can simply search for the following files and delete them: C:\Windows\System32\MicTray.exe or C:\Windows\System32\MicTray64.exe. However, this may cause the special keys of the HP laptop to stop functioning.
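The check described above, written as a read-only PowerShell function. This is an added example, not code from ModZero, HP or Conexant; the function name Get-MicTrayFinding is hypothetical, and the two default paths are the ones named in this article.

```powershell
# Added example: reports on the two files named in the article, changes nothing.
function Get-MicTrayFinding {   # hypothetical function name
    [CmdletBinding()]
    param(
        # The two paths given in the article
        [string[]]$Path = @(
            'C:\Windows\System32\MicTray.exe',
            'C:\Windows\System32\MicTray64.exe'
        )
    )

    # A 32-bit PowerShell on 64-bit Windows is silently redirected from
    # System32 to SysWOW64; the Sysnative alias reaches the real directory.
    $redirected = [Environment]::Is64BitOperatingSystem -and
                  -not [Environment]::Is64BitProcess

    # Process names carry no extension: MicTray / MicTray64
    $running = @(Get-Process -Name 'MicTray*' -ErrorAction SilentlyContinue |
                 Select-Object -ExpandProperty ProcessName)

    foreach ($p in $Path) {
        $probe = if ($redirected) { $p -replace '\\System32\\', '\Sysnative\' } else { $p }
        $item  = Get-Item -LiteralPath $probe -ErrorAction SilentlyContinue
        $name  = [IO.Path]::GetFileNameWithoutExtension($p)

        # One record per path, suitable for export from a fleet-wide run
        [pscustomobject]@{
            Path          = $p
            Present       = [bool]$item
            FileVersion   = if ($item) { $item.VersionInfo.FileVersion }
            LastWriteTime = if ($item) { $item.LastWriteTime }
            SHA256        = if ($item) { (Get-FileHash -LiteralPath $probe -Algorithm SHA256).Hash }
            Signature     = if ($item) { (Get-AuthenticodeSignature -LiteralPath $probe).Status }
            Running       = $running -contains $name
        }
    }
}

Get-MicTrayFinding | Format-List
```

The function only reads file metadata and the process list, so the special keys keep working while the results are reviewed.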
"HP is committed to the security and privacy of its customers and we are aware of the keylogger issue on select HP PCs. HP has no access to customer data as a result of this issue," said a spokesperson for the company in a statement.
Nash clarified that the keylogger was mistakenly added to the driver's production code and was never intended to reach HP's commercial products.
It has not been a good year so far for HP laptops. In January, HP recalled over 100,000 laptop batteries that were prone to overheating, which raised fire and burn hazards.