Hewlett Packard has released a fix for a problem in its laptops that made it possible to record everything users typed.
The privacy issue that was first discovered by a security researcher Michael Myng who identified the keylogger found that it was in laptops’ touchpad drivers.
According to HP, more than 460 laptop models have been affected by this “potential security vulnerability”. The keylogger is believed to affect 475 models of HP laptop, including Elitebook, ProBook, ZBook, Envy and Pavilion, among others.
They keylogger is preinstalled on laptops in the HP Elitebook, HP ProBook, HP Pavilion and HP Envy ranges, among others.
The keylogger is used by the Synaptics TouchPad software, which controls the touchpad user interface, and was designed to help monitor and repair any bugs it may contain.
Keylogger is a kind of software that captures a person’s keystrokes on a keyboard or pinpad. They recognise the keys pressed and capture that information, usually with the intention of sending it on to a person wanting to harvest the details.
The American technology company has published a complete list of affected devices, dating back to 2012.
HP has also created a website that lets users check if their laptop is hacked.
HP has provided a patch for the issue for the US and has advised its customers to act upon it as soon as possible.
As per Michael Myng, the fix for the issue will also be available to download and install from Windows Update.
Although the keylogger is disabled by default, hackers can still activate the software to record the user's keystrokes- this could include passwords, personal information and banking details.
The problem was accidentally discovered when he was trying to control the keyboard backlight on an HP laptop while using the Synaptics Touchpad software.
HP acknowledged in its notes that the patch could lead to “loss of confidentiality” for the affected customers, but that neither Synaptics nor HP had access to customer data as a result.
By stirring the details of every keystroke made in unencrypted plain text files, hackers or third parties could access everything users have ever written.
In a blog post by ModZero, the firm said: “There is no evidence that this keylogger has been intentionally implemented.”
“Obviously, it is the negligence of the developers which makes the software no less harmful,” added Modzero.
Discover the latest business news, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!