HP Says Keylogger Was Just Non-Disabled Debugging Tool, Updates Driver

After it was revealed that an audio driver installed on several HP laptops contained a feature that secretly recorded every keystroke entered into the computer, we reached out to HP for comment and were informed by a member of the company’s crisis communications team that a new audio driver is now available with the keylogging feature removed.

Although the release notes for the updated Conexant HD audio driver dated May 14th simply state "provides update for audio issue,"  digging deeper we found a security bulletin that appears to address the issue directly listing the security impact as "potential, local loss of confidentiality."

According to the company, the keylogging feature was in fact a debugging tool that was simply not disabled prior to product launch.

From the security bulletin:

A potential security vulnerability caused by a local debugging capability that was not disabled prior to product launch has been identified with certain versions of Conexant HD Audio Drivers on HP products. HP has no access to customer data as a result of this issue.

A list of almost 90 affected desktop / laptop systems can be found here. The updated Conexant HD audio driver can be downloaded here.

This thread is closed for comments
    Your comment
  • captaincharisma
    HP's PR is just as bad as their computers lol
  • Alex-Nigma
    As a programmer with 7 years under my belt I cannot come up with ANY necessity to have a key-logger as a debugging tool in audio drivers. Any ideas?
  • Robert Pankiw
    @Alex-Nigma Sure, if the keyboard is used to affect audio settings (FN keys) then it would make some sense that they want to review all keys pressed and how that affected the audio, especially if they used non-standard keys for at least one model, and wanted to have a single, unified driver but didn't want the non-standard keys to affect computers that didn't implement it.