History seems to be repeating itself.
Back in May, security researchers discovered that. Now, it appears there's yet another keylogger embedded in a piece of HP software.
Although it wasn't widely reported until today, a Nov. 7 HP security bulletin revealed that a Synaptics touchpad driver has the potential to be used as a keylogger, leading to a "local loss of confidentiality."
Fortunately, according to researcher Michael Myng, who discovered the vulnerability while looking at an HP laptop's keyboard-backlight settings, this logging is disabled by default. A hacker seeking to enable it would need to modify a Registry value, which could be done only with User Account Control (UAC) access.
Confirmed HP: "A party would need administrative privileges in order to take advantage of the vulnerability." The company's bulletin also noted that "neither Synaptics nor HP has access to customer data as a result of this issue."
Myng also wrote about HP's swift action upon learning of the issue: "So, I messaged HP about the finding. They replied terrificly [sic] fast, confirmed the presence of the keylogger (which actually was a debug trace), and released an update that removes the trace."
Are you affected?
To see if your laptop contains this particular driver, check the models listed on the HP Security Bulletin page.
Thankfully, there's already an updated driver available that removes the vulnerability. If you find your laptop on the list, just click the corresponding link alongside it to download the new driver.
Keyloggers are often used by IT departments to help troubleshoot network issues, but hackers will sometimes use them to capture sensitive data such as passwords and credit-card numbers.
As always, you should keep your operating system updated with the latest security patches, while at the same time watching for patches from your PC manufacturer.
At press time, HP had not responded to a request for comment regarding this issue.