HP has acknowledged that software capable of recording a user’s keystrokes was pre-installed on hundreds of models of its laptops.
The keylogger software was originally installed with the driver for a model of touchpad made by Synaptics in order to help diagnose technical problems.
It is disabled by default, but HP admitted it was a “potential security vulnerability” that could lead to “loss of confidentiality“.
The company said a user would require administrative privileges in order to activate the keylogger.
“Neither Synaptics nor HP has access to customer data as a result of this issue,” HP said in a security bulletin.
The company issued a software update removing the keylogger, which is available from HP or through Windows Update.
Such software can have legitimate purposes, but is more often associated with attackers seeking to record sensitive information such as logins and passwords.
Does IoT security concern you?
The issue was discovered by security researcher Michael Myng while working on a way to control the keyboard backlight for an HP laptop.
HP said more than 460 laptop models were affected, including the EliteBook, ProBook, Pavilion and Envy ranges, dating back to 2012.
In May a keylogger was found to have been installed with audio drivers pre-installed on a number of HP laptop makes, and to have been recording users’ keystrokes since at least December 2015.
HP said at the time the code had been inserted into the software by mistake.
Do you know all about security in 2017? Try our quiz!
Discover how emerging technologies like AI, blockchain, and edge computing are set to revolutionise industries…
US Federal Aviation Administration approves SpaceX's Falcon 9 rockets to return to service following second-stage…
Social media platform X drops Unilever from lawsuit against advertisers after reaching agreement on 'safety…
US Congressional Representatives ask for answers from AT&T, Verizon, Lumen Technologies after wiretap networks reportedly…
Swedish EV battery start-up Northvolt in talks for 200m euros in short-term funding as it…
US labour officials say Apple illegally restricted employees' right to discuss workplace issues on Slack…