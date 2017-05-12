

 


HP Issues Fix For Keylogger Found On Several Laptop Models

Posted by msmash
HP says it has a fix for a flaw that caused a number of its PC models to keep a log of each keystroke a customer was entering. The issue, caused by problematic code in an audio driver, affected PC models from 2015 and 2016. From a report: HP has since rolled out patches to remove the keylogger, which will also delete the log file containing the keystrokes. A spokesperson for HP said in a brief statement: "HP is committed to the security and privacy of its customers and we are aware of the keylogger issue on select HP PCs. HP has no access to customer data as a result of this issue." HP vice-president Mike Nash said on a call after-hours on Thursday that a fix is available on Windows Update and HP.com for newer 2016 and later affected models, with 2015 models receiving patches Friday. He added that the keylogger-type feature was mistakenly added to the driver's production code and was never meant to be rolled out to end-user devices. Nash didn't say how many models or customers were affected, but did confirm that some consumer laptops were affected. He also confirmed that a handful of consumer models that come with Conexant drivers are affected.

  • A fix is all well and good, but an explanation would be a nice touch. I guess people just don't get pissed off about getting the shaft anymore.

    • Re:Fine. (Score:4, Insightful)

      by Megane ( 129182 ) on Friday May 12, 2017 @10:12AM (#54405419) Homepage

      From what I saw yesterday, the "explanation" is:

      1: mediocre programmer guy wants to check the keystrokes that affect volume control, adds a keylogger to the code for debugging
      2: poor version control, or a total lack thereof, combined with lack of code review, allows "temporary" debugging keylogger code to become part of and remain enabled in main-line production code
      3: someone eventually discovers it and SHTF

      In other words, Hanlon's Razor. [wikipedia.org]

      • Re:Fine. (Score:4, Insightful)

        by anegg ( 1390659 ) on Friday May 12, 2017 @10:41AM (#54405625)
        Words fail me. Whether this was incompetence or a poorly-kept secret, the implications are troublesome. A clear demonstration that even mainstream commercial software can't be trusted in some pretty fundamental ways. Yet we conduct more and more of our personal and professional lives on and through software-controlled systems. The explanation is that it was done accidentally, which implies that it is relatively easy to do and will not be detected by whatever quality assurance processes are in place.

    • Re: (Score:2)

      by Thud457 ( 234763 )

      HP Issues Fix For Keylogger Found On Several Laptop Models

      More like "HP Issues Fix For Keylogger SECRETLY INSTALLED On Several Laptop Models"

  • I only buy Windows 7 machines for myself and my company, but the first thing I do when I buy them (new or refurbished) is format the drive, install Windows 7, and use the Windows drivers whenever available.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      The driver containing the keylogger was distributed by Windows Update. Unless you deactivated driver loading from Windows Update, your wiped laptop is also affected.

      • Why the fuck would Microsoft be distributing HP's software? I very much doubt it came via Windows Update, but I don't mind being corrected, please send links to anything which states it was via Windows Update.
        • Because it's a service that is offered in an attempt to keep machines with custom hardware up to date.
          • Well I did mention links with some kind of proof - just saying "because" is not proof.
            So I googled that for you...
            https://support.hp.com/us-en/d... [hp.com]
            And if it's the TLDR thing then here is the relevant bit

            Many, including Hewlett-Packard, use the Windows Update tool to distribute their updates.

        • Re: (Score:2)

          by omibus ( 116064 )

          Because it is a driver, and Microsoft writes as few of those as it can.

    • I do the same, ESPECIALLY laptops, I don't need a hidden "recovery" partition sucking up space. Although I generally try to get the latest drivers from the manufacturer - preferably BEFORE formatting, although that is sometimes not possible. I remember once having to go buy a memory stick and go to an internet cafe to get network drivers (many moons ago) so that I could get my NIC up and running - the stock Windows drivers did not recognize it.

    • Re: (Score:2)

      by ledow ( 319597 )

      Same, but Windows 8/8.1

      I have precisely three drivers listed in my WDS driver packages.

      One is for an IBM BladeCenter SAS RAID controller that blue-screens with the default Windows one (so all the blades have to start using that driver from the very first boot or they will blue-screen, even if you push updates later).

      Two for gigabit-network cards that aren't covered by plain Windows install disk / WDS installs (purely to kick-start them being able to get out to Windows Update and download a better driver and

  • Flaw? (Score:1)

    by Anonymous Coward

    A fully functioning keylogger is a flaw?

  • Is it just me, or is this patch that difficult to find? I know google is my friend, but this is just sad.

    • Re: (Score:2)

      by athmanb ( 100367 )

      It's the "Conexant HD Audio Driver", downloadable from the HP driver website for your model.

  • Sorry, but one of our programmers leaned on his keyboard while eating lunch and wouldn't you know, it caused the driver he was working on to start logging keystrokes and storing them into a file.
  • You mean a fix as in it is no longer detected?

