A widely reported “keylogger” found in many HP PCs is a debugging tool that inadvertently shipped on production machines, HP tells me. Better still, the problem is already fixed.
This episode is obviously reminiscent of the infamous “Superfish” fiasco, in which Lenovo’s consumer PCs were found to have malware installed that was designed to spy on users. Superfish was both stupid and a technical error on Lenovo’s part, but that company later turned things around nicely and embraced the Clean PC initiative.
In HP’s case, the “keylogger” is not malicious and wasn’t supposed to ship on production PCs. Instead, the code is used to debug device drivers while in testing only. HP just shipped the wrong version of the driver on its PCs.
I spoke with HP’s Mike Nash about this incident last night. He told me that the company never logged any data from customers, and that the fix—via the production version of the impacted drivers—was already deployed to Windows Update. So if you have an HP PC and are worried about this issue, just check for updates.
The “keylogger” was found by security researchers at Modzero, who informed HP of the issue but went public before the PC maker could release a fix.
“There are very few situations where you would describe a keylogger that records all keystrokes as ‘well-intended’,” the Modzero alert notes. Reporting the issue before the fix was available is likewise hard to describe as “well-intended.” The idiocy continues: “So what’s the point of a keylogger in an audio driver? Does HP deliver pre-installed spyware? Is HP itself a victim of a backdoored software that third-party vendors have developed on behalf of HP? The responsibility in this case is uncertain, because the software is offered by HP as a driver package for their own devices on their website.”
We don’t need to speculate. It was an honest mistake. It’s been fixed. Moving on.
chump2010
I don't think you can say mistake fixed, time to move on. This is a serious breach of privacy. We pay them for good quality machines – they are not doing rung to the bottom machines. So if you're buying a premium machine, you don't expect a hardware keylogger on it.

You don't expect the quality control to be so poor that they don't even do a check to see what software is being installed. If that is happening, then you can safely say that their quality control processes are poor. If their quality control processes are poor, then maybe the build quality and components are not that great either…..