If you are using a HP laptop, there is a possibility that whatever you are typing, including your passwords are bring recorded without you knowing. This threat is through a software Synaptics, which is meant to control the keypad and trackpad inputs.
While other brands of laptops may also be coming pre-loaded with the same software, it is on a HP laptop that the vulnerability was first discovered and it has been revealed that around 500 different models of HP laptops could be having this software loaded on them and can be a potential threat.
If a hacker gets access to your laptop, then it could end in disaster for you since everything you typed out can be found by the hacker. The only saving grace in this is that the software is as such set to ‘disabled’ by default and has to be activated to do this tracking. The vulnerability is termed ‘keylogger’ in trade parlance.
HP has mentioned in the specific page that neither they nor Synaptics will have access to the data. Technically it is also being clarified that it is not as if any hacker can access your system remotely. There has to be physical access to the device for anyone to tap into the confidential data.
HP has indeed released the list of their models that carry the Synaptics software and has also released an update patch that can fix the bug and disable this tracking of keyboard input and secure your data.
The patch will plug the security flaw in select laptops sold within the last five years, including G2 Notebooks, EliteBooks, EliteBook Folios and ProBooks, Evening Standard reported.
The company has asked the owners of HP computers to install it as soon as possible.
The issue was discovered by Michael Myng, who discovered a deactivated keylogger in software on over 460 models of HP laptop, the report added.
After Myng raised the issue with the company, HP acted "terrifically fast" and said that the keylogger was erroneously present as a "debug trace".
"A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impacts all Synaptics OEM partners," HP's summary of the issue stated.
"A party would need administrative privileges in order to take advantage of the vulnerability. Neither Synaptics nor HP has access to customer data as a result of this issue."
The keylogger feature is deactivated in the default setting but an attacker with physical access to the computer could easily turn it on, the report pointed out.
(With IANS inputs)