A keylogger was discovered by the keyboard driver of HP, and can potentially be abused by malware. The keylogger was found inside the driver of the Synaptics Touchpad, potentially affecting millions of users.
HP reports that for the vulnerability an attacker needs administrator rights to use it. Nearly 500 models laptops and desktop models are affected. HP responded quickly after reporting his findings to the company and said it was code that was left over during debugging.
The keylogger was disabled by default, a simple change in the Windows Registry could enable it. HP has released an update to remove the code from the driver. The update can be downloaded from HP’s website and through Windows Update. The HP website also has a list of affected laptop models. The list contains about 500 different models.
It’s the second time this year a keylogger was found on HP’s laptops, previously a keylogger was found in audio drivers used on HP devices.