Many HP Laptops Have Keyloggers Installed, Warns ModZero

The keylogger is found within the PCs' audio driver software and has existed since at least December 2015, the security firm Modzero said in a blog post.

"This type of debugging turns the audio driver effectively into keylogging spyware", ModZero researchers wrote.

You can visit Modzero's security advisory for the full list of affected laptops and versions of Windows.

According to the Swiss cybersecurity group behind the research, Modzero, the feature wasn't created to spy on users - but it was implemented in such a way that it records everything users type. In the event that this log file does not exist, the keystrokes are passed to the OutputDebugString API, allowing any process to capture this information without being identified as a malicious program. Apparently, there are some parts for the control of the audio hardware, which are very specific and depend on the computer model - for example special keys for turning on or off a microphone or controlling the recording LED on the computer.

'Obviously, it is a negligence of the developers - which makes the software no less harmful'. HP declined to inform Sky News of how many customers it believes may be affected by the issue. Since it's not, anyone who has access to the audio driver would also be able to access the information stored, which could include everything that involves keystrokes.

According to the Swiss security researcher, the secret driver developed by audio chip maker Conextant has been baked in over two dozen models of HP laptops and tablets, including the HP Elitebook, ProBook and ZBook, notes CNET.

HP has said it is aware of the issue.

Portable computers from HP Inc are shipped with an audio driver that silently captures all user keystrokes and records them in an unprotected file, causing major security and privacy risks.

Although the file is overwritten after each login, the content is likely to be easily monitored by running processes or forensic tools.

HP vice-president Mike Nash told ZDNet that the keylogger feature was unintentionally added to the driver's production code and was never meant to be rolled out to end-user devices.

ModZero got in touch with both Conexant and HP and neither responded, which is why this information is now being published.