Keylogger on HP Laptops found in Audio Driver

[Eriol]

So if you have a recent HP laptop, you have a keylogger installed by default! Keylogger Found in Audio Driver of HP Laptops

The list of affected laptops is this:

HP EliteBook 820 G3 Notebook PC
HP EliteBook 828 G3 Notebook PC
HP EliteBook 840 G3 Notebook PC
HP EliteBook 848 G3 Notebook PC
HP EliteBook 850 G3 Notebook PC
HP ProBook 640 G2 Notebook PC
HP ProBook 650 G2 Notebook PC
HP ProBook 645 G2 Notebook PC
HP ProBook 655 G2 Notebook PC
HP ProBook 450 G3 Notebook PC
HP ProBook 430 G3 Notebook PC
HP ProBook 440 G3 Notebook PC
HP ProBook 446 G3 Notebook PC
HP ProBook 470 G3 Notebook PC
HP ProBook 455 G3 Notebook PC
HP EliteBook 725 G3 Notebook PC
HP EliteBook 745 G3 Notebook PC
HP EliteBook 755 G3 Notebook PC
HP EliteBook 1030 G1 Notebook PC
HP ZBook 15u G3 Mobile Workstation
HP Elite x2 1012 G1 Tablet
HP Elite x2 1012 G1 with Travel Keyboard
HP Elite x2 1012 G1 Advanced Keyboard
HP EliteBook Folio 1040 G3 Notebook PC
HP ZBook 17 G3 Mobile Workstation
HP ZBook 15 G3 Mobile Workstation
HP ZBook Studio G3 Mobile Workstation
HP EliteBook Folio G1 Notebook PC

And I wouldn't be surprised if it's also on other laptops with that audio chipset, but this is what's confirmed so far.

I don't have that laptop (I have an ancient Gateway from 2005-ish) but I wanted to make sure anybody here knew about this. Read the article for how to mitigate the problem.
X

 

[GasBandit]

Aw, shit. My 7-year-old Asus laptop uses Conexant HD audio. I better check it when I get home.

 

[Eriol]

Follow-up: HP issues fix for 'keylogger' found on several laptop models

Apparently the 2016-and-forward models are fixed, with a Windows Update all you need to remove the code and the log file. 2015 models will have something out friday (today as of this writing).

Hard to find it on HP's website (probably easier if you can put in a specific laptop serial number), but if it's on Windows update, people should be OK.



Oh and as for my personal feelings on this, I think it's sloppy, but not malicious. It's EASY to leave in test code that shouldn't be there in release. That's what reviewers are for, so that other sets of eyes look at your code, but even then if you have a sprawling update, things can get missed. That something of this magnitude was missed for so long is a whole other thing, but again, not hard to see how it happens. It's against best practices, and bad for all those kinds of reasons, but I doubt malice.

I'll actually give credit for a quick response on this one, as long as they didn't know prior to publication. If they did, then publication should have been the fix. If they knew before but didn't care until publication, then that's bad, but there's no way to know which it was.