From Tom's Hardware: Security researcher Michael Myng announced that he uncovered a keylogging component in HP’s keyboard driver. The keylogging code seems to be from a debugging tool that HP forgot to take out before shipping the driver to customers. The company forgot to disable similar keylogging functionality from an audio driver earlier this year, and it was also found to be silently collecting data on its customers computers with a new telemetry client.
Earlier this year, another researcher found another keylogging tool in HP’s audio driver that could record every keystroke and store it locally on the machine in plaintext. Any malicious actor with access to the computer could have retrieved those recordings, which could have included logins and passwords for online accounts. The researcher said that the keylogger had been in the audio driver since at least 2015.
HP said that it was just a debugging tool it forgot to disable before shipping the audio driver, and it issued a silent update at the time to patch the driver and disable the keylogging functionality.
View: Article @ Source Site
