HP's audio driver has a keylogger, fix issued

Drivers are small pieces of software that allow an operating system to communicate and use hardware. Each driver is focused on a specific class of hardware, like display, USB, audio, etc. So when an audio driver starts logging every keystroke made on a computer, you know something's up. That's the situation HP found itself in when security researcher Modzero reported that one of its audio drivers has a hidden keylogging function that poses a security risk to owners of its enterprise laptops.

According to Modzero, the driver for Conexant HD audio chips in some of HP's enterprise models, including the Elitebook, ProBook, and ZBook lines, was logging keystrokes made on said laptops and storing them in a file that is potentially accessible to a hacker. Which means that things like passwords and browsing histories are fair game for them.

HP has reportedly made available a fix that addresses this critical security hole. The fix also deletes whatever logs were already created by the drivers. According to the company, the functionality was used only in development but was mistakenly shipped in the production version of the driver.

2016 and newer models can already get the fixed version either directly from HP's website or via Windows Update. For older models, the fix will be made available this weekend. HP confirmed but didn't specify which consumer models are affected.

SOURCE: Modzero