Sometimes, legitimate companies accidentally create malware. That’s certainly the case in this latest example.
It was an innocent mistake, but some debugging code was inadvertently left in the code of an audio driver used by more than two dozen models of HP laptops. As a result, unknown to the users of those machines, the audio driver was quietly logging every keystroke they made.
The audio drivers were made for HP by a company called Conexant, and they were involved in the joint effort to correct the issue.
Of interest is the fact that the problem has been around for a surprising length of time. As research continued into the issue, it was discovered that the code remnant dates back to 2015, requiring a complex fix. At this point, there’s a patch for all impacted HP laptops manufactured in 2017 and 2016, with another for laptops manufactured in 2015 coming next Friday.
The audio driver in question was provided by third party vendor Conexant, and HP is demanding an explanation as to why it took so long to discover the errant code remnant in hopes of avoiding a similar situation in the future.
While this particular episode was innocent and entirely unintentional, it underscores the large and growing problem that all complex systems face. Small changes, even to some minor file on the periphery of a complex system, can lead to critical and unexpected vulnerabilities.
Unfortunately, our traditional response to these kinds of failings is to design an even more complex system, which is fraught with even more potential for unintended consequences such as this one.
There’s no easy solution, but the bottom line here is that if you own an HP laptop manufactured in 2015, 2016 or 2017, head to the company’s website at your next opportunity to see if you need the updated driver. If your IT staff is struggling to keep pace with the rapid changes swirling around the industry, contact us and talk to one of our talented team members. We’ll be happy to work with you, whatever your IT needs.