Security researcher Michael Myng announced that he uncovered a keylogging component in HP’s keyboard driver. The keylogging code seems to be from a debugging tool that HP forgot to take out before shipping the driver to customers. The company forgot to disable similar keylogging functionality from an audio driver earlier this year, and it was also found to be silently collecting data on its customers computers with a new telemetry client.
Key Logging In Audio Driver
Earlier this year, another researcher found another keylogging tool in HP’s audio driver that could record every keystroke and store it locally on the machine in plaintext. Any malicious actor with access to the computer could have retrieved those recordings, which could have included logins and passwords for online accounts. The researcher said that the keylogger had been in the audio driver since at least 2015.
HP said that it was just a debugging tool it forgot to disable before shipping the audio driver, and it issued a silent update at the time to patch the driver and disable the keylogging functionality.
HP Telemetry Collection
Only weeks ago, HP was also found to install a “telemetry client” on its customers’ computers. Some customers have claimed that it slowed down their computers. HP said that the service, called “HP Touchpoint Analytics,” only collects generic hardware information, and that no data is collected unless access is “expressly granted.”
However, multiple users have said that the software was installed in the background without them knowing about it. HP seems to have replaced its HP Touchpoint Manager client with a cloud-based “Device as as a Service” solution that collects data from its customers’ machines once a day.
New Key Logging Tool Forgotten In Keyboard Driver
The researcher who uncovered the keyboard keylogging functionality recently said that this also seems to be an issue of debugging code being forgotten in the driver and then shipped to customers. The keylogging was disabled by default, but it could be re-enabled with a registry change that would require User Account Control (UAC) permission.
HP has released an update for their keyboard driver that removes the debugging code from hundreds of laptop models, and it posted a list of affected models online.
