If you bought an HP laptop anytime in the last five years, it could be tracking your every keystroke. Over the weekend HP revealed that nearly 500 of its notebooks dating as far back as 2012 shipped with a secret keylogger installed. Alongside the announcement, HP released driver updates to eradicate the software on affected laptops.
Security researcher Michael Myng discovered the keylogger when probing the Synaptics touchpad software on an HP laptop. HP’s security bulletin says the “potential security vulnerability” affects all laptops with “certain versions of Synaptics touchpad drivers”—not necessarily just HP models.
The keylogger is disabled by default, however. “A party would need administrative privileges in order to take advantage of the vulnerability,” the bulletin states. “Neither Synaptics nor HP has access to customer data as a result of this issue.” HP told Myng that the keylogger was a debugging tool.
How to remove the keylogger in HP laptops
The same security bulletin includes separate software update links for every HP laptop loaded with the keylogger. HP says you should install those updates “as soon as possible.” CSO counted them all up and found a total of 475 affected laptops, with 303 being consumer laptops. Spectre, Envy, Pavilion, Omen, Compaq—they all contain the keylogger