Keylogger discovered preinstalled on some HP laptops

A driver developed by a third party was found depositing every keystroke into an unencrypted file on the computer's hard drive.

Steven Musil Night Editor / News

Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.

Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.

See full bio

Steven Musil

May 11, 2017 6:03 p.m. PT

2 min read

Something's watching you.
Sarah Tew/CNET

Your new HP laptop may be recording everything you do on it.

That is the warning issued Thursday by Swiss security researcher ModZero, which discovered an audio driver installed on several HP laptops contains a keylogger-type feature that secretly records every keystroke entered into the computer to an unencrypted file on the computer's hard drive.

The driver, developed by audio chip maker Conexant, is loaded on more than two dozen models of HP laptops and tablets , including the HP Elitebook , ProBook and ZBook models.

The stored keystroke data would likely include records of passwords, websites visited and private chat messages. Anyone with access to the computer using the driver would also have access to that information and other sensitive information, regardless of whether they were authorized to see the data.

The driver in question includes an executable file for controlling audio hardware when a user presses special keys. However, the software includes a debugging feature that sends all keystrokes through a debugging device or deposits them to a log file in a public directory on the hard drive.

"This type of debugging turns the audio driver effectively into keylogging spyware," ModZero researchers wrote. "On the basis of meta-information of the files, this keylogger has already existed on HP computers since at least Christmas 2015."

ModZero said the log file is overwritten every time the computer is booted up.

Conexant didn't immediately respond to a request for comment.

HP said it was aware of the issue but had no access to customer data as a result of it.

"Our supplier partner developed software to test audio functionality prior to product launch and it should not have been included in the final shipped version," HP said in a statement, adding that fixes are available via HP.com.

Updated at 5 p.m. 5/13 to correct spelling of Conexant.

It's Complicated: This is dating in the age of apps. Having fun yet? These stories get to the heart of the matter.

Tech Enabled: CNET chronicles tech's role in providing new kinds of accessibility.