Swiss security researcher ModZero claims that it has discovered an audio driver installed on several HP laptops that contains a feature that secretly records every keystroke entered into the computer. The keylogger stores the keystrokes in an unencrypted file on the computer's hard drive.
The stored data includes sensitive personal information such as passwords and private messages. Making matters worse, anyone with access to the compromised computer would have access to the data collected by the keylogger. The audio driver, developed by Conextant, is found on dozens of HP laptops and tablets.
ModZero researchers wrote:
A keylogger is a piece of software for which the case of dual-use can rarely be claimed. This means there are very few situations where you would describe a keylogger that records all keystrokes as 'well-intended'. A keylogger records when a key is pressed, when it is released, and whether any shift or special keys have been pressed. It is also recorded if, for example, a password is entered even if it is not displayed on the screen.
The researchers went on to say that, based on the file meta-information, the keylogger has existed on HP computers since at least Christmas 2015. Making matters worse, even though the log file is overwritten each time the computer reboots, a history of all keystrokes over the last few years could also be found in system backups. ModZero advises affected HP users to delete the C:\Users\Public\MicTray.log file if it is present on the hard drive, as it can contain sensitive information such as login information and passwords.
ModZero said it was forced to go public with this information because neither HP nor Conexant have responded to their requests for comment.
Laptop Magazine, another publication in the stable of Purch Media (Tom's Hardware's parent company), dig some digging to confirm the issue.