Keylogger Found In HP Audio Driver

Swiss security researcher ModZero claims that it has discovered an audio driver installed on several HP laptops that contains a feature that secretly records every keystroke entered into the computer. The keylogger stores the keystrokes in an unencrypted file on the computer's hard drive.

The stored data includes sensitive personal information such as passwords and private messages. Making matters worse, anyone with access to the compromised computer would have access to the data collected by the keylogger. The audio driver, developed by Conextant, is found on dozens of HP laptops and tablets.

ModZero researchers wrote:

A keylogger is a piece of software for which the case of dual-use can rarely be claimed. This means there are very few situations where you would describe a keylogger that records all keystrokes as 'well-intended'. A keylogger records when a key is pressed, when it is released, and whether any shift or special keys have been pressed. It is also recorded if, for example, a password is entered even if it is not displayed on the screen.

The researchers went on to say that, based on the file meta-information, the keylogger has existed on HP computers since at least Christmas 2015. Making matters worse, even though the log file is overwritten each time the computer reboots, a history of all keystrokes over the last few years could also be found in system backups. ModZero advises affected HP users to delete the C:\Users\Public\MicTray.log file if it is present on the hard drive, as it can contain sensitive information such as login information and passwords.

ModZero said it was forced to go public with this information because neither HP nor Conexant have responded to their requests for comment. 

Laptop Magazine, another publication in the stable of Purch Media (Tom's Hardware's parent company), dig some digging to confirm the issue.

This thread is closed for comments
8 comments
    Your comment
  • SinxarKnights
    Not even slightly surprised. Well I take that back, I am surprised nobody caught it sooner. I wonder what prompted ModZero to even look at that or if they just happened to catch it by accident. It is weird that the driver would log every keystroke.

    I get it is listening for hotkey presses, but why log it? Seems like a super amateur way to listen for hotkeys. Like they couldn't figure it out so they said, oh well we should just write all the keystrokes to file then check the file for the proper combo of keystrokes because it is more secure than doing it in memory.

    Or it could be as simple as they forgot to disable a hard coded debug mode before releasing it.

    Genuinely curious how that slipped through as it is a major security issue that affects quite a few devices.

    ed: Yeah the evidence supports the hard coded debug mode: http://www.laptopmag.com/articles/hp-keylogger-installed
    Quote:
    the keylogging code was not supposed to be in laptops sold to the public, noting that it was mistakenly added to the drivers.
  • leoscott
    My wife has a laptop that has the log file created. However, I tested it and it does not appear to be logging the keys in the log file in C:\Users\Public. I wonder if HP had them fix it with a patch.
  • derekullo
    322071 said:
    My wife has a laptop that has the log file created. However, I tested it and it does not appear to be logging the keys in the log file in C:\Users\Public. I wonder if HP had them fix it with a patch.


    That's what HP wants you to believe.