Hewlett Packard has issued a patch to resolve a driver-level keylogger discovered on hundreds of HP laptops - the second within the year.
The suspicious code was discovered by security researcher Michael Myng and was included in the Synaptics Touchpad drivers of an HP laptop. While logging was disabled by default, given the right permissions, it could be enabled through changing registry values and so should a laptop be compromised by malware, malicious code could take advantage of the keylogging system to spy on users.
HP has released a software update that removes the trace.
"A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impacts all Synaptics OEM partners. A party would need administrative privileges in order to take advantage of the vulnerability. Neither Synaptics nor HP has access to customer data as a result of this issue," said HP in a security bulletin.
Affected products include HP G2 Notebooks, the HP Elite x2 1011 G1 tablet, HP EliteBooks, HP ProBooks and HP ZBook models, among others.
A fix will also be included in Windows Update.
Last May, security firm Modzero discovered a keylogger in the Conexant HD audio driver package, installed in dozens of HP devices. HP had rolled out a patch which resolved the issue.