HP Has A Second Massive Security Flaw In Its Laptops


Back in May, we warned you of a massive, self-inflicted security flaw, namely a keylogger, in Hewlett Packard laptops due to a flaw in an audio driver. Now, another keylogger has turned up, in a far more extensive security problem that reaches back to 2012. So what is a keylogger, and why is this happening?

  • What’s a keylogger?: “Keyloggers” are programs that record every keystroke you enter into a computer. The ultimate goal of keyloggers, when cybercriminals use them, is to collect your username, passwords, and other information to drain your bank accounts, but they can also be used for blackmail, if you’ve got salacious chat logs or a particularly embarrassing browser history.
  • Why does my Hewlett Packard laptop have one? In May, it was due to a piece of software watching for you hitting a specific key. This time around, the problem was found in the software that runs the laptop’s touchpad. Found by Michael Myng, it appears it was originally intended as a behind-the-scenes tool to track bugs before the computers were released, and simply never pulled out of the final software. When Myng contacted HP, they replied almost immediately with an update.
  • Am I at risk?: If you own an HP laptop from 2012 on, then yes, there’s a problem you’ll need to fix. The good news is that it appears this was disabled by default, but enabling it would have been fairly simple if you knew what to do in the first place. There’s also the fact that this is the second keylogger found inside HP’s software in less than a year; that’s likely to send white hat hackers crawling through the code not just of HP laptops, but others as well.
  • How can I protect myself from flaws like this? The short answer? Use Windows for the fun stuff, and for work and privacy, use a different operating system such as Ubuntu, although that presents itself with a whole new set of problems. Hewlett Packard is hardly unique in the tech industry for rushing products to market without looking at every last bit of software, or considering its implications. For all we know, this and far worse is lurking deep inside our laptops, and it simply hasn’t been found yet.

Using a computer, any computer, is an act of faith. We trust that the software is well-written, that the company that built the computer is honest, secure, and knows what it’s doing, and that our data is protected. Most of the time, that faith is justified. But that it’s increasingly not is becoming a worrying trend.