According to a Swiss security researcher ModZero, a dozen laptops from HP have an issue, where your keystrokes including passwords are being recorded. The issue is specifically with a audio driver installed on some HP laptops, which have a keylogger built-in and stores the log files unencrypted on the laptop itself. The good thing is that it does not keep records for more than a session and rewrites everything, everytime a user logs in.
The driver in question is made by Conexant, which according to Zdnet is found on HP’s enterprise range of laptops including Elitebook, Probook, Zbook and even the latest G1 Folio. The driver basically has a keylogger to pick up hotkeys to react to functions like mute/unmute. The keystroke logs are saved unencrypted in hexadecimal format on the system itself, which can be easily decoded.
Hence, anyone who has access to the affected laptop or any Malware running in the background, can access information like visited websites, passwords, chat conversations and other sensitive information. Even if there isn't a log file on the system, any malware with access to the driver’s API can capture user keystrokes.
Meanwhile, HP has confirmed that it is aware of the issue and have issued a fix for the same. The update is available via Windows update and HP’s own website for 2016 and later models. Older models should get the update today. According to Zdnet, HP’s VP Mike Nash said, that the keylogger feature was not supposed to be rolled out on laptops and was added by mistake.
HP currently has no estimate on how many devices are affected, but may also include some consumer laptops with Conexant audio drivers. However, it should be notes that the update is being rolled out.