Menu
Certain HP laptops are found recording users' keystrokes

Certain HP laptops are found recording users' keystrokes

An audio driver supplier called Conexant may have accidentally implemented the keylogging function

IDG

IDG

Over two dozen HP laptop models have been secretly recording users’ keystrokes, possibly by mistake, according to a Swiss security firm.

The keylogger is found within the PCs' audio driver software and has existed since at least Dec. 2015, the security firm Modzero said in a Thursday blog post.

The audio driver was designed to identify when a special key on the PC was used. But in reality, the software will capture all the keystrokes and write them in an unencrypted file located on the laptop.

In other cases, the keystrokes will be passed to a Microsoft Windows debugging interface on the PC, and expose them to possible capture, Modzero said.

“There is no evidence that this keylogger has been intentionally implemented. Obviously, it is a negligence of the developers,” the security firm said in its blog post.

Nevertheless, the keylogger still poses a security risk. Anyone, including malware writers, can look up what a user has been typing by exploiting the affected audio driver or looking up the log file created.

“Investigators with access to the unencrypted file-system might be able to recover sensitive data of historic key logs as well,” Modzero said.

In a short statement, HP said it was aware of the issue. "HP has no access to customer data as a result of this issue. We have identified a fix and will make it available to our customers," the company said.

According to Modzero, the audio driver is used in certain HP EliteBook, ProBook, ZBook models. A full list of affected products can be found here.

Fortunately, the software is easy to remove. It’s located at c:\Windows\System32\MicTray64.exe or C:\Windows\System32\MicTray.exe and can be deleted, although this may cause the special function keys on the laptop to no longer work.

The keystroke log file it creates should also be erased, and is located at C:\Users\Public\MicTray.log.

Modzero said the developer of the audio driver is a U.S. company called Conexant, which produces audio and voice related applications. Conexant did not immediately respond to a request for comment.

Modzero discovered the problem on April 28, but claimed that both HP and Conexant hadn't responded to the security firm's contact requests.

Thorsten Schroeder, CEO of Modzero, said other laptops from Dell, Lenovo and Asus don't appear to have the same problem.

But because Conexant appears to develop software for other hardware vendors, the keylogging issue may exist in other devices, he said in an email.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

Reseller News launches alumnae breakfast for Women in ICT Awards

Reseller News launches alumnae breakfast for Women in ICT Awards

Reseller News hosted the first alumnae breakfast for the Women in ICT Awards in New Zealand, designed to showcase the leading female leaders in the industry. Held at The Cordis in Auckland, attendees came together to hear inspiring keynotes and panel discussions, alongside high-level networking among peers.

Reseller News launches alumnae breakfast for Women in ICT Awards
Reseller News Innovation Awards 2018: meet the top performing partners

Reseller News Innovation Awards 2018: meet the top performing partners

Reseller News honoured the industry’s finest on a standout evening for the New Zealand channel, recognising the achievements of established partners, emerging players and innovative start-ups, in front of over 460 technology leaders in Auckland.

Reseller News Innovation Awards 2018: meet the top performing partners
Show Comments