You wouldn’t know it from HP’s support page, but a large number of their recent laptops shipped with a rudimentary keylogger embedded within the drivers for their touchpads. Fortunately, this isn’t a situation where some virus wormed its way into HP’s laptop assembly line. Instead, it looks like a security researcher stumbled upon a long-disabled chunk of code that Synaptics, a company that makes laptop touchpads for several vendors, originally used to make sure their new touchpad design was working correctly.
Testing code like this is extremely common on new hardware being tested in the lab. The problem here is that neither HP nor Synaptics thought to remove that testing code from the products they shipped to their end customers. Even though the test code shipped in a dormant state, all it would have taken is one small change to re-enable it. Having code that could be used to spy on users baked into the trusted files that ship with HP laptops could have been a major weak point for hackers to exploit.
HP says that there were no known instances of this code being exploited, but there’s really no way for them to be entirely sure. The company has since posted replacement drivers on their support site. Individuals and businesses should go about updating to these newer, fixed drivers as soon as possible.