It has been recently announced that some laptop models of HP that were released since December of 2015 possessed keyloggers as an audio component delivered by Conexant. In its wake and the many complaints from users, HP finally offers a fix via the updated patch.
The keylogger problem was first discovered by ModZero – a Swiss security firm. It was certain that Conexant didn’t have malicious intentions and that they only did this because they were a bit too lazy to code the audio drivers for monitoring and recording user keystrokes just as soon as a hotkey will be pressed. This coding allows for auto-keys for switching on or off things such as microphones, vides, etc.
What happens on affected laptops is that when a key is pressed, the pressed keys are recorded over to a text log file. In the event the logs will be cleaned or wiped off, all the keys entered from the keyboard will be stored. This includes passwords, usernames, communications or messages and many others.
Just as soon as ModZero found out about the issue, they immediately tried contacting HP and Conexant but unfortunately, they were ignored. Seeing as they were ignored and none from Conexant or HP were willing to address the issue, ModZero immediately made a public announcement of the issue with the aim that it could be addressed right away.
As soon as the news about the keylogging issues spread the internet, HP finally resulted to moving towards creating a patch that would deal with the problem.
In a recent interview with HP by ZDNet, they said “HP is committed to the security and privacy of its customers and we are aware of the keylogger issue on select HP PCs. HP has no access to customer data as a result of this issue.”
Also, Mike Nash (VP of HP) gave a few hints about the latest fix and said to ZDNet that it would be available in the market for models that came out in 2016 as well as the later models that are dealing with the keylogger issue. As for the older models of computers – say 2015 and earlier, they will be getting patches right away.
In this interview, the VP of HP did not gave an estimate as to how many units were affected and he disclosed that the issue was merely added to the audio driver by mistake.