HP Laptops Secretly Records User Keystrokes, Security Firm Says

Adjust Comment Print

Security firm Modzero found a "covert storage channel for sensitive data" had been packaged in with audio driver software developed by Conexant on several HP laptops and was recording the user's keystrokes.

Dozens of models of notebooks sold by Hewlett Packard (HP) contain keystroke logging software, which captures everything that is typed on the device's keyboard.

However, the good news is that HP has reacted quickly here with a full solution, and a patch is already available (via Windows Update) for affected models from 2016 or this year, so you don't need to worry about the workaround.

ModZero noted that there is no evidence that the keylogger was intentionally included in the laptops by either HP or Conexant. In other cases, the keystrokes will be passed to a Microsoft Windows debugging interface on the PC, and expose them to possible capture, Modzero said. Unfortunately, this crude process inadvertently processes everything then writes it to an unencrypted log file. Apparently, there are some parts for the control of the audio hardware, which are very specific and depend on the computer model - for example special keys for turning on or off a microphone or controlling the recording LED on the computer. "Obviously, it is a negligence of the developers", the security firm said in its blog post. One would generally expect to find a keylogger in a dodgy movie torrent or perhaps a keygen for pirated software, but this week a keylogger was found in an audio driver for an HP laptop.

Conexant's MicTray64.exe is installed with the Conexant audio driver package and registered as a Microsoft Scheduled Task to run after each user login.

More news: Women's Golf in Fifth Place at Athens Regional

Nash clarified that they keylogger was mistakenly added to the driver's production code and was never meant to reach HP's commercial products.

HP also clarified that it didn't get any access to customer data as a result of this problem.

In an advisory note Modzero said a Conexant audio driver for headphones, which is installed on the laptops, records a user's keystrokes.

Instead, users should delete the MicTray executable and the log files it has created from the $WINDIR$\System32 and $USERS$\Public directories on their device. Conexant did not immediately respond to a request for comment.