HP has released updates for more than 470 computer models that shipped with an inadvertent keylogger in the Synaptics touchpad driver.
The update is available for over 170 commercial notebooks, mobile thin client and mobile workstation models, and nearly 300 consumer notebooks.
HP notes in an advisory that the “potential security vulnerability” stems from certain versions of Synaptics touchpad drivers. The issue affects all hardware that uses those drivers, so further updates may follow from other PC makers.
According to Michael Myng, the security researcher who found the keylogger, the logging capability is disabled by default; however, an attacker could enable it by changing a value in the relevant section of the Windows Registry.
“A party would need administrative privileges in order to take advantage of the vulnerability. Neither Synaptics nor HP has access to customer data as a result of this issue,” said HP.
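Because the fix is a per-model driver update, the practical question for an administrator is which machines still carry an old Synaptics driver. The following PowerShell inventory check is an added example, not code from HP, Synaptics, the researcher or the article: it lists Synaptics pointing-device drivers on a Windows host and flags any below a version threshold. The threshold `$MinimumVersion` is a placeholder assumption; the fixed version for a given model must be taken from the table in HP's advisory. The check deliberately does not read or modify the registry value the article refers to, since the article does not name it.

```powershell
# Added example (not from HP, Synaptics or the article): inventory Synaptics
# pointing-device drivers and flag versions below a threshold.
# $MinimumVersion is an ASSUMED placeholder; use the fixed version listed for
# your model in HP's advisory. Run in an elevated PowerShell session for a
# complete driver list.
param(
    [version]$MinimumVersion = '0.0.0.0'   # placeholder, replace per HP advisory
)

# Win32_PnPSignedDriver carries the installed driver version and INF for each
# PnP device; restrict it to Synaptics-manufactured input devices.
$drivers = Get-CimInstance Win32_PnPSignedDriver |
    Where-Object {
        $_.Manufacturer -like '*Synaptics*' -and
        $_.DeviceClass -in @('MOUSE', 'HIDCLASS')
    }

if (-not $drivers) {
    Write-Output 'No Synaptics pointing-device driver found on this host.'
    return
}

foreach ($d in $drivers) {
    # Some driver version strings are not well-formed; keep the raw string
    # and mark the entry for manual review rather than silently skipping it.
    try {
        $installed = [version]$d.DriverVersion
        $status = if ($installed -lt $MinimumVersion) { 'UPDATE NEEDED' } else { 'OK' }
    } catch {
        $installed = $d.DriverVersion
        $status = 'REVIEW (unparseable version)'
    }

    [pscustomobject]@{
        Device        = $d.DeviceName
        Inf           = $d.InfName
        DriverDate    = $d.DriverDate
        DriverVersion = $installed
        Status        = $status
    }
}
```

The output is one object per Synaptics device, so the script can be run through a management agent and the `Status` column aggregated across a fleet. Because HP says enabling the trace requires administrative privileges, a host where an unprivileged user can write to the driver's registry settings would be a separate misconfiguration worth checking on its own.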
HP describes the issue as a “local loss of confidentiality”, meaning that any keylogging would take place on the device itself.
Myng, who also uses the Twitter handle ZwClose, said he discovered the keylogger while investigating how to control the backlight on an HP laptop’s keyboard. The keylogger is actually a debug trace
Some of the affected models don’t have fixes available, including several HP Envy models, HP TouchSmart notebooks, and HP Stream x360 11 Convertible Notebook (models 11-p0XX and 11t-p000).
The new bug is reminiscent of a keylogger found this May in a Conexant audio driver used on several dozen HP computers. Again, a debugging feature in the driver was inadvertently logging all keystrokes, and HP said that issue was a local loss of confidentiality too.
modzero, the Swiss firm that found it, criticized HP for releasing a new driver package that still contained the keylogging function. HP later delivered another update that removed it.