Well, not exactly countless, but over 460 HP laptops are affected. The company is rolling out a fix for its touchpad driver, which has been found to contain a keylogger by a security expert.
A situation not unlike the keylogger that was found in the audio driver recently.
According to security researcher Michael Myng, this keylogger records pretty much every keystroke on a computer. The malicious code has been found hiding in the Synaptics Touchpad software, and was discovered when he was looking into ways to control the keyboard backlight on his laptop.
Apparently, the keylogger isn’t activated by default, but can easily be turned on by any cybercriminal that gets access to the system.
As for its part, HP says that the keylogger was originally developed with telemetry in mind, and was integrated into the Synaptics software to collect debug information and help correct errors.
A support document dated November 7 says:
“A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impacts all Synaptics OEM partners. A party would need administrative privileges in order to take advantage of the vulnerability. Neither Synaptics nor HP has access to customer data as a result of this issue.”
The list of affected models is expansive — and includes hundreds of laptops in the EliteBook, ProBook, Spectre, Zbook, Envy, and Pavilion range of devices. Basically, all major notebooks that HP launched in recent memory.
Or, as far back as 2012.
If you own an HP machine, and want to install the fix, check the security bulletin linked above that lists a new driver for each laptop. The new versions can then be automatically installed using the HP Support Assistant app on your notebook.