Some HP PCs are recording your keystrokes

Some HP PCs are recording your keystrokes

Nearly thirty different Hewlett-Packard Windows PC models may be recording every keystroke their owners make and storing them in a human-readable file accessible to any user on the PC. Oh, boy.

Switzerland-based security company Modzero recently discovered a keylogger present in an audio program in HP PCs called MicTray. Modzero reported it on their blog early Thursday morning.

You can also find a complete list of affected HP PC models in the company's security advisory. Affected models include PCs from the HP Elitebook 800 series, HP ProBook 600 and 400 series', the EliteBook Folio G1, and others. The program has existed on HP PCs since at least late 2015, Modzero says.

The keylogger in question appears to be a creation of either HP or Conexant, one of HP's component partners. PCWorld has contacted HP and Conexant for comment. We'll update this article if the companies respond.

Poor execution

While the keylogger sounds nefarious, it's appears to be the result of some poorly conceived solutions to legitimate problems. The software in question is designed to identify whether a user has entered certain keystrokes that activate audio hardware features, according to Modzero. The program could be monitoring to see whether a microphone is supposed to be on or off, for example.

But in addition to monitoring for specific key presses there are also some diagnostic and debugging features built into the software, Modzero says. The end result is that as of MicTray version 1.0.0.46 all keystrokes on affected HP PCs are recorded in human readable format and accessible at C:\Users\Public\MicTray.log.

That file could contain sensitive information such as passwords and usernames, as reported by Modzero. The file is overwritten with every login on the PC, but that erased content could still conceivably be retrieved by a sophisticated attacker.

The impact on you at home: If you have an HP PC, first check to see if the program in question exists on your PC as either C:\Windows\System32\MicTray64.exe or C:\Windows\System32\MicTray.exe. If it does exist, Modzero advises deleting or renaming it to prevent MicTray from running and logging your keystrokes; however, that may mean some of the media keys on your PC will no longer function.

Next, go to C:\Users\Public\MicTray.log and erase that file. If you don't see it, click the View tab in File Explorer and check off the Hidden items checkbox. Also keep in mind that if you make regular back-ups of your hard drive that include the Public folder, the keylogging file may also exist there with sensitive information in plain text for anyone to see.

IDG Insider

PREVIOUS ARTICLE

«Sim-ply fantastic: EA says a new Sims Mobile game is on its way to iOS and Android

NEXT ARTICLE

Excel's IF statement made easy»

Add Your Comment

Most Recent Comments

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.

images

Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.

images

Poll

Should we donate our health data the same way we donate organs?