If you think that by covering your laptop's webcam and using your OS in safe mode will ensure that you are not being monitored via your PC or laptop, you should think twice. There are a multiple ways to do that and one of them is keystroke logging, which is essentially a surveillance technology to record the keystrokes without the user being aware of the action. That said, a few laptop models of HP were said to have been affected by a security flaw due to a version of Conexant audio driver that were not meant to be shipped with the machines and had a built in keystroke logger. HP has now said that it rolling out a fix for this flaw.
The fix for the HP keystroke logging security flaw has been issued with a Windows update released on Friday for the following 2016 HP PC models - EliteBook, ProBook and Zbook. Owners of the aforementioned HP devices are advised to download the update right away, while owners of 2015 models of the same PCs will have to wait until the next day i.e., Saturday to receive the fix.
According to Axios, HP did not access and share the data that was stored in the files and key logging codes but having them could have posed a security threat for the customers. HP says this fix will remove the key-logging codes and the files that stored the keystrokes. Owners should also delete all the backups that they may have created before updating their Windows versions as they may contain multiple copies of their keystroke data.
Mike Nash, HP Vice President told Axios in a statement that the keystroke logging code was a debugging code that must have been left unintentionally by Conexant, the company that made the audio driver for HP's PC models, and it "should never have been included on shipping PCs." He further explained that the company never had any intention to include that software or record user's keystroke data. "It was something that was there in development process and should have been removed," he added.
Notably, a security firm known as Modzero has earlier intimated HP and Conexant about the keystroke logging flaw, however, HP's Nash said that the company had already been in a process of working on the fix before Modzero's notification.