Friday, May 19, 2017

Security warning for users of HP laptops


If you use a HP laptop computer, or if friends and family use them, you or they may be affected by a security issue that's recently cropped up.  Sky News reports:

Security researchers have discovered that a feature installed in a number of HP laptops is recording all of the keystrokes that the laptop users make.

In capturing everything users press on their keyboards the software is recording sensitive information, and by saving that information in an easily accessible file the researchers claim that it is potentially exposing users' passwords to attackers.

According to the Swiss cybersecurity group behind the research, Modzero, the feature wasn't designed to spy on users - but it was implemented in such a way that it records everything users type.

This means that from the moment a user logs into Windows on affected HP laptops, every key they press, including to enter passphrases for online banking and email accounts, is recorded and stored.

. . .

HP told Sky News: "Our supplier partner developed software to test audio functionality prior to product launch and it should not have been included in the final shipped version. Fixes will be available shortly via HP.com."

There's more at the link.

I checked my own laptop last night, and sure enough, the keylogger files were there.  I deleted the files, then used Windows' Device Manager to update the driver to HP's new version.  That appears to have fixed the problem.

You'll find details of how to check your own computer here.  I used it to check mine, and its methods worked.  ZDNet has more technical details of the problem and its fix here.

Please check your own computer as soon as possible, and please pass the word to your family and friends to check theirs.  I guarantee you, hackers are even now trying to figure out how to access the key log file on your system (if it exists), and copy it to their own servers, where they can analyze it to see whether key financial information, passwords, etc. was recorded.  If they find it, you may wake up one morning to find your e-mail compromised, or your bank account accessed, or any of a number of other nasty outcomes.

Peter

9 comments:

Jim said...

Thanks for the tip off. I have an HP laptop, but apparently it's new enough that this "feature" was not included.

reverendken said...

One more reasonto use linux instead of windoze.

Orvan Taurus said...

And your own install, at that.

Boyd Kneeland said...

Pretty sure it's any HP hardware (desktop, laptop) with conexant audio built in. Conexant was stupid about a driver that let you change volume etc with keyboard input and HP didn't bother to catch it for years.

Harry Flashman said...

Wish we had some of that rain coming. Bright , hot , humid days here. Still in a drought that's lasted over a year now.

Jennifer said...

Thanks! I will check as soon as I get home.

Glen said...

You have my sympathy Peter-in my experience driving tends to greatly aggravate a kidney stone attack.

Francis Turner said...

Also HP wireless mice are a problem. Mind you I strongly suspect this is not JUST limited to HP. AFAICT it does not affect Microsoft or Logitech products but I'm going to guess it may well apply to many cheap no name/OEM wireless mice/keyboards

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2017-010.txt

Anonymous said...

Interesting that the trouble is for Win 7 and Win 10 systems, but not Win 8.1.

Antibubba