large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

HP laptops vulnerable to keylogging attacks — here’s what you need to do now

More than 460 HP laptop models feature a dormant piece of software capable, when active, of logging users’ every keystroke.

Security researcher Michael Myng discovered the hidden tool sitting within the Synaptics Touchpad device driver, while investigating how to control the keyboard backlight.

After consulting with HP he learned the keylogger is present within a huge range of Envy, Elitebook, Pavillion and ProBook laptops, dating all the way back to 2012.

Should the keylogger be activated by an attacker with physical access to the machine, it would enable them to record a full list of keystrokes being typed by the laptop owner.

Related: Best laptops 2017

“Some time ago someone asked me if I can figure out how to control HP’s laptop keyboard backlight.

“I asked for the keyboard driver SynTP.sys, opened it in IDA, and after some browsing noticed a few interesting strings,” Myng explains (via TechCrunch).

He said he alerted HP, which confirmed the existence of the keylogger, claiming it was for debugging purposes.

As a result, HP has published a full list of the laptop models affected by the issue and has outed a fix to rid it from those machines.

Myng wrote: “They replied terrifically fast, confirmed the presence of the keylogger (which actually was a debug trace) and released an update that removes the trace.”

You can check here to see if your laptop is among them, and download the patch here. It’ll also be available through Windows Update, Myng says.

Is your laptop among those vulnerable to the attacks? Drop us a line @TrustedReviews on Twitter.

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have 9 million users a month around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.