In November, a computer programmer spotted some strange code while trying to control a backlit keyboard on a Hewlett-Packard laptop.
It was a keylogger — which if turned on by a hacker is capable of monitoring every keystroke you type and save this activity to a file. It’s a common hacking technique used to steal passwords, as Google recently noted in its year-long study on computer security.
In this case, the code was not turned on, but TechCrunch nonetheless reported on programmer Michael Myng’s blog post about finding the deactivated keylogger. In his memo, Myng wrote that he notified HP of the presence of the keylogger’s presence.
So, I messaged HP about the finding. They replied terrificly fast, confirmed the presence of the keylogger (which actually was a debug trace) and released an update that removes the trace.
Myng calls this piece of code a “debug trace,” a tool commonly used by software companies to “trace” a problem or bug, suggesting this code wasn’t put there with any malicious intent — either by HP or anyone else.
For HP users that want to rid their computers of this keylogger — should a hacker gain physical access to their computer and turn it on — HP’s fix (issued on Nov. 7) can be found on their site here, along with an extremely long list of affected models.
In their fix, HP notes that a “potential security vulnerability has been identified” and HP has no “access to customer data as a result of this issue.”
Mashable contacted HP for comment and will update this post upon hearing back.