HP has updated its audio drivers to fix the keylogger situation that was discovered last week. Security researchers had discovered that 28 HP laptops and tablet PCs had an audio driver with a functionality that was working better than originally intended, collecting all keystrokes instead of just detecting when the user was trying to mute and unmute the audio, for instance.
“Our supplier partner developed software to test audio functionality prior to product launch and it should not have been included in the final shipped version,” HP said in a statement.
The keylogging function has been around since a version that was released in December 2015, although the presence of the log file only came with the October 2016 update.
Version 10.0.931.90 has now been released, which fixes the problem. In order to get the update, visit hp.com and search for the latest audio driver for your device model.
Modzero, a Swiss security firm, warned last week that an app that came installed with many HP devices featuring a Conexant audio driver was logging keystrokes in a file that could easily be grabbed if the device became infected. The keystrokes were then transmitted to a debugging API, which allowed the local user or process to easily access everything in there.
Identified as CVE-2017-8360, the vulnerability affects 28 HP laptops and tablet PCs, including EliteBook, ProBook and others. The audio chip maker has yet to discuss whether other laptops made by other vendors featuring their chip could also be affected.
The keylogger capabilities were supposed to be a lot more restrained. In fact, the functionality was designed to help determine whether the user was pressing any of the special audio keys, so the driver could react accordingly. Researchers believe the extended capabilities may very well be the result of negligence as there is no evidence of malicious intent.
The company claims the bug doesn't allow it to access customer data. It's worth mentioning that HP has moved quite fast in releasing an update to fix the situation.