After it was revealed that an audio driver installed on several HP laptops contained a feature that secretly recorded every keystroke entered into the computer, we reached out to HP for comment and were informed by a member of the company’s crisis communications team that a new audio driver is now available with the keylogging feature removed.
Although the release notes for the updated Conexant HD audio driver dated May 14th simply state “provides update for audio issue,” digging deeper we found a security bulletin that appears to address the issue directly listing the security impact as “potential, local loss of confidentiality.”
According to the company, the keylogging feature was in fact a debugging tool that was simply not disabled prior to product launch.
From the security bulletin:
A potential security vulnerability caused by a local debugging capability that was not disabled prior to product launch has been identified with certain versions of Conexant HD Audio Drivers on HP products. HP has no access to customer data as a result of this issue.
A list of almost 90 affected desktop / laptop systems can be found here. The updated Conexant HD audio driver can be downloaded here.