Security researchers have discovered that a feature installed in a number of HP laptops is recording all of the keystrokes that the laptop users make.
In capturing everything users press on their keyboards the software is recording sensitive information, and by saving that information in an easily accessible file the researchers claim that it is potentially exposing users' passwords to attackers.
According to the Swiss cybersecurity group behind the research, Modzero, the feature wasn't designed to spy on users - but it was implemented in such a way that it records everything users type.
This means that from the moment a user logs into Windows on affected HP laptops, every key they press, including to enter passphrases for online banking and email accounts, is recorded and stored.
The security firm claims that this "leads to a high risk of leaking sensitive user input".
"Users are not aware that every keystroke made while entering sensitive information - such as passphrases (or) passwords on local or remote systems - are captured by (the software)," the security advisory continued.
The researchers complained that they first reported the issue to HP on 28 April, but decided to publish their security advisory yesterday because HP had failed to respond to them.
Speaking to Sky News, a spokesperson for HP said the company was "aware of the keylogger issue on select HP PCs."
HP told Sky News: "Our supplier partner developed software to test audio functionality prior to product launch and it should not have been included in the final shipped version. Fixes will be available shortly via HP.com."
28 models of HP laptops running either Windows 7 or Windows 10 are affected, the full list of which is available on Modzero's advisory notice. HP declined to inform Sky News of how many customers it believes may be affected by the issue.
According to market analysis by Gartner, HP's machines accounted for 19.5% of worldwide personal computer shipments during the first quarter of this year, with over 12 million units being shipped.
No comments:
Post a Comment