HP “Keylogger” a Mistake, is Already Fixed

Posted on May 12, 2017 by Paul Thurrott in Hardware, Windows 10 with 13 Comments

A widely reported “keylogger” found in many HP PCs is a debugging tool that inadvertently shipped on production machines, HP tells me. Better still, the problem is already fixed.

This episode is obviously reminiscent of the infamous “Superfish” fiasco, in which Lenovo’s consumer PCs were found to have malware installed that was designed to spy on users. Superfish was both stupid and a technical error on Lenovo’s part, but that company later turned things around nicely and embraced the Clean PC initiative.

In HP’s case, the “keylogger” is not malicious and wasn’t supposed to ship on production PCs. Instead, the code is used only to debug device drivers during testing. HP just shipped the wrong version of the driver on its PCs.

I spoke with HP’s Mike Nash about this incident last night. He told me that the company never logged any data from customers, and that the fix—via the production version of the impacted drivers—was already deployed to Windows Update. So if you have an HP PC and are worried about this issue, just check for updates.

The “keylogger” was found by security researchers at Modzero, who informed HP of the issue but went public before the PC maker could release a fix.

“There are very few situations where you would describe a keylogger that records all keystrokes as ‘well-intended’,” the Modzero alert notes. Reporting the issue before the fix was available is likewise hard to describe as “well-intended.” The idiocy continues: “So what’s the point of a keylogger in an audio driver? Does HP deliver pre-installed spyware? Is HP itself a victim of a backdoored software that third-party vendors have developed on behalf of HP? The responsibility in this case is uncertain, because the software is offered by HP as a driver package for their own devices on their website.”

We don’t need to speculate. It was an honest mistake. It’s been fixed. Moving on.



Comments (13)

  1. harmjr

    But when I put on my tin foil hat, Paul, it looks a bit strange. Maybe another way the CIA was exploiting our computers. Maybe it was sending the data back to Area 51.

  2. chump2010

    I don't think you can say mistake fixed, time to move on. This is a serious breach of privacy. We pay them for good quality machines - they are not doing rung to the bottom machines. So if you're buying a premium machine, you don't expect a hardware keylogger on it.

    You don't expect the quality control to be so poor that they don't even do a check to see what software is being installed. If that is happening, then you can safely say that their quality control processes are poor. If their quality control processes are poor, then maybe the build quality and components are not that great either.....

    • hrlngrv

      In reply to chump2010:

      It's also a mistake of stupidity which implies poor procedures. Indeed, shouldn't be dismissed just yet.

    • GarethB

      In reply to chump2010:

      The fact is that these drivers were being deployed for so long - and that many customers don't know how compromised they are now (that everyone knows)

      Sure, HP probably didn't intend for this - but their negligence will potentially cost many of their customers plenty. More than the 'Superfish' issue (which whilst overblown in many ways), at least they've quickly admitted fault, which took Lenovo a little too long to do.

  3. hrlngrv

    Honest mistakes can also be the product of negligence. Apparently HP doesn't maintain a list of files added to systems during testing which should be removed BY SCRIPTS (VBScript, PowerShell, CMD batch files, whatever) before shipping to customers or retailers. In 2017.

    Yes, human error, but in this case the bigger error is one of process/procedure rather than merely human forgetfulness.

  4. hrlngrv

    Look at the picture which leads this article. The toddler pouring milk poorly is an honest mistake, but oh so cute. The parent putting the toddler on the counter or leaving stuff the kid could use to climb onto the counter is the real problem. Nice subconscious metaphor.

  5. t1618

    No need to speculate, because HP say so. Thank you Paul.

    Moving right on - to the next perfectly honest and innocent mistake.

    Such swift adjudication on our behalf is quite distasteful. You don't care, so neither should we.

    Choice of words is important, so let us consider, "the company never logged any data from its customers..."

  6. Waethorn

    This is why I wipe OEM machines and load them with a clean install before selling them.

  7. Steve78

    It may have been an 'honest mistake' but it exposes a serious flaw. HP are clearly not vetting what is pre-installed on their PCs, which is indefensible!

  8. mortarm

    Another mistake was letting that kid pour his own milk.

  10. Carlouiss123

    Before the issue was publicly disclosed, HP owned up to the mistake of leaving this tool inside of its laptops, and on Nov. 7 posted device-specific patches for most of the models affected, which can be downloaded here. Hopefully, the tool was already removed from your notebook, as Microsoft bundled those patches into the November Windows update.

    If you can't find your model in the linked page, just run Windows Update by clicking the Start button, clicking the settings gear, hitting Windows Update and tapping Check for Update. In its advisory, HP noted that "a potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impacts all Synaptics OEM partner