Skip to main content

HP Keylogger Malware Gets Patch Fix

By June 1, 2017May 25th, 2021Cybersecurity

Sometimes, legitimate companies accidentally create malware. That’s certainly the case in this latest example.

It was an innocent mistake, but some debugging code was inadvertently left in the code of an audio driver used by more than two dozen models of HP laptops. As a result, unknown to the users of those machines, the audio driver was quietly logging every keystroke they made.

The audio drivers were made for HP by a company called Conexant, and they were involved in the joint effort to correct the issue.

Of interest is the fact that the problem has been around for a surprising length of time. As research continued into the issue, it was discovered that the code remnant dates back to 2015, requiring a complex fix. At this point, there’s a patch for all impacted HP laptops manufactured in 2017 and 2016, with another for laptops manufactured in 2015 coming next Friday.

The audio driver in question was provided by third party vendor Conexant, and HP is demanding an explanation as to why it took so long to discover the errant code remnant in hopes of avoiding a similar situation in the future.

While this particular episode was innocent and entirely unintentional, it underscores the large and growing problem that all complex systems face. Small changes, even to some minor file on the periphery of a complex system, can lead to critical and unexpected vulnerabilities.

Unfortunately, our traditional response to these kinds of failings is to design an even more complex system, which is fraught with even more potential for unintended consequences such as this one.

There’s no easy solution, but the bottom line here is that if you own an HP laptop manufactured in 2015, 2016 or 2017, head to the company’s website at your next opportunity to see if you need the updated driver. If your IT staff is struggling to keep pace with the rapid changes swirling around the industry, contact us and talk to one of our talented team members. We’ll be happy to work with you, whatever your IT needs.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.