Hidden software that can record every letter typed on a computer keyboard has been discovered pre-installed on hundreds of HP laptop models.
Security researcher Michael Myng found the keylogging code in software drivers preinstalled on HP laptops to make the keyboard work.
HP said more than 460 models of laptop were affected by the “potential security vulnerability”.
It has issued a software patch for its customers to remove the keylogger.
The issue affects laptops in the EliteBook, ProBook, Pavilion and Envy ranges, among others. HP has issued a full list of affected devices, dating back to 2012.
In a statement, the company said: “HP uses Synaptics’ touchpads in some of its mobile PCs and has worked with Synaptics to provide fixes to their error for impacted HP systems, available via the security bulletin on HP.com.”
‘Loss of confidentiality’
Mr Myng discovered the keylogger while inspecting Synaptics Touchpad software, to figure out how to control the keyboard backlight on an HP laptop.
He said the keylogger was disabled by default, but an attacker with access to the computer could have enabled it to record what a user was typing.
According to HP, it was originally built into the Synaptics software to help debug errors.
It acknowledged that could lead to “loss of confidentiality” but it said neither Synaptics nor HP had access to customer data as a result of the flaw.
In May, a similar keylogger was discovered in the audio drivers pre-installed on several HP laptop models.
At the time, the company said the keylogger code had been mistakenly added to the software.