At least 460 models of Hewlett-Packard laptops since 2012 have a pre-installed "keylogger" function that records every keystroke, which hackers can use to obtain sensitive information, a Swiss security researcher revealed.
Recently, security researchers have diagnosed a specific keylogger in the HP laptops which is a piece of software and aims to transfer users' data to the centralized hubs. However, an attacker with physical (or remote) access to a computer could have activated the keylogger by modifying a registry key for their own nefarious purposes. In his post, Myng said that he messaged HP about his discovery and the company responded quickly by confirming the issue and releasing a software update to resolve the problem. Many older Compaq models are on the list as well.
Thankfully, there's already an updated driver available that removes the vulnerability.
The bug was disclosed by "ZwClose", who was looking through the driver to see if he could adjust the backlighting of HP laptop keyboards.
With that said, if you have an HP laptop, you may be wondering if your laptop has the driver installed that contains this debug trace, or keylogging, feature.
It was originally meant to act as a debugging tool to check for errors in Synaptics software.
Owners of some HP Envy, Stream and HP x360 11 convertible products are still awaiting on an update; however, according to ZwClose, Microsoft will issue a Windows Update shortly.
HP confirmed the finding in its notes for the patch that the flaw could lead to "loss of confidentiality" for affected customers and since released firmware updates to address the potential security vulnerability.
Because the keylogger is present on almost all of models HP laptop, it's highly like your laptop includes it too. A party would need administrative privileges in order to take advantage of the vulnerability, ' said HP in a statement on its website.