A cybersecurity company has discovered that HP has been shipping a keylogger in its computers since “at least Christmas 2015.”
A keylogger is a piece of hardware or software that records the keystrokes that someone makes on a device. This can be used to steal login credentials, bank details, etc.
In HP’s defence, ModZero, the company that discovered the keylogger, thinks that the software was unintentionally included with HP’s devices.
While a keylogger is normally installed with malicious intent, this one appears to have snuck in because of sloppy code on Conexant’s part. Conexant is a company that’s best known for developing audio chips for computers.
The driver package that Conexant uses included the keylogger.
As ModZero explains, a driver does need to keep track of the keypresses of a user, and many drivers do this. The driver will need to keep track of keyboard mute commands, for example.
However, Conexant’s implementation records all keystrokes and stores them in a publicly available file on your computer.
Since the keylogger has been around since at least 2015, it’s possible for a hacker to access the log from an infected computer. The log is overwritten after each login, but as ModZero points out, the file could be included in archived backups as well.
HP and Conexant didn’t respond to ModZero’s request for comment and HP Enterprise (HPE) disclaimed all responsibility.
It’s more worrying that Conexant makes hardware for the US military as well, and if this kind of sloppy code snuck in, it could mean the US military is also compromised to some extent.
A full list of affected devices is as follows (data from Bleeping Computer):
- HP EliteBook 820 G3 Notebook PC
- HP EliteBook 828 G3 Notebook PC
- HP EliteBook 840 G3 Notebook PC
- HP EliteBook 848 G3 Notebook PC
- HP EliteBook 850 G3 Notebook PC
- HP ProBook 640 G2 Notebook PC
- HP ProBook 650 G2 Notebook PC
- HP ProBook 645 G2 Notebook PC
- HP ProBook 655 G2 Notebook PC
- HP ProBook 450 G3 Notebook PC
- HP ProBook 430 G3 Notebook PC
- HP ProBook 440 G3 Notebook PC
- HP ProBook 446 G3 Notebook PC
- HP ProBook 470 G3 Notebook PC
- HP ProBook 455 G3 Notebook PC
- HP EliteBook 725 G3 Notebook PC
- HP EliteBook 745 G3 Notebook PC
- HP EliteBook 755 G3 Notebook PC
- HP EliteBook 1030 G1 Notebook PC
- HP ZBook 15u G3 Mobile Workstation
- HP Elite x2 1012 G1 Tablet
- HP Elite x2 1012 G1 with Travel Keyboard
- HP Elite x2 1012 G1 Advanced Keyboard
- HP EliteBook Folio 1040 G3 Notebook PC
- HP ZBook 17 G3 Mobile Workstation
- HP ZBook 15 G3 Mobile Workstation
- HP ZBook Studio G3 Mobile Workstation
- HP EliteBook Folio G1 Notebook PC
The above devices running Windows 7 and later, Windows 10 IoT Enterprise, Windows Embedded Standard 7 and Windows Embedded Standard 7E are affected.
If your device is affected by the keylogger, head here for instructions on how to remove the program and delete all logs.