A Swiss cybersecurity firm revealed on May 11 that HP laptops are secretly recording user's keystrokes.
After stumbling upon a feature that captures everything the user presses on the keyboard, the firm -- Modzero -- concludes it likely wasn't intentionally designed to spy, reports Sky News. However, the way it was made nevertheless puts users at risk.
"There is no evidence that this keylogger has been intentionally implemented," the security firm said in its blog post. "Obviously, it is a negligence of the developers."
By storing all recordings in an easily accessible file, thieves are exposed to information like online banking and email account passwords.
The firm says 28 models of HP laptops running either Windows 7 or Windows 10 are affected, and offered a full list on their advisory notice. HP also lists those models affected on their website.
On their website, Modzero offers current HP laptop users advice on how to protect themselves:
All users of HP computers should check whether the program C:\Windows\System32\MicTray64.exe or C:\Windows\System32\MicTray.exe is installed. We recommend that you delete or rename the executable files so that no keystrokes are recorded anymore. However, the special function keys on the keyboards might no longer work as expected. If a C:\Users\Public\MicTray.log file exists on the hard-drive, it should also be deleted immediately, as it can contain a lot of sensitive information such as login-information and passwords.
Although the firm reported the hazardous feature to HP on April 28, they said they were forced to publish the security advisor on May 11 after HP failed to act.
Since then, HP has publicly acknowledged they are "aware of the keylogger issue on select HP PCs" and are taking steps to fix it.
"Our supplier partner developed software to test audio functionality prior to product launch and it should not have been included in the final shipped version," said HP.
"HP has no access to customer data as a result of this issue," they add, reports PC World.
The company has since released a new version of the driver that fixes the bug on their website, reports Forbes.
News of the feature enraged many distrustful social media users.
"Yet no other laptops by other manufacturers 'accidently installed' keystroke recording....It is impossible to accidently install something like that... Are we supposed to believe HP engineers manufactured these devices, not knowing what they were installing?," wrote one person on Sky News' Facebook post about the incident. "HP spies. On you."