Certain HP laptops are found recording users' keystrokes
Security

Certain HP laptops are found recording users' keystrokes

Over two dozen HP laptop models have been secretly recording users’ keystrokes, possibly by mistake, according to a Swiss security firm.

The keylogger is found within the PCs' audio driver software and has existed since at least Dec. 2015, the security firm Modzero said in a Thursday blog post.   

The audio driver was designed to identify when a special key on the PC was used. But in reality, the software will capture all the keystrokes and write them in an unencrypted file located on the laptop.

In other cases, the keystrokes will be passed to a Microsoft Windows debugging interface on the PC, and expose them to possible capture, Modzero said.      

“There is no evidence that this keylogger has been intentionally implemented. Obviously, it is a negligence of the developers,” the security firm said in its blog post.

Nevertheless, the keylogger still poses a security risk. Anyone, including malware writers, can look up what a user has been typing by exploiting the affected audio driver or looking up the log file created.

“Investigators with access to the unencrypted file-system might be able to recover sensitive data of historic key logs as well,” Modzero said.

In a short statement, HP said it was aware of the issue. "HP has no access to customer data as a result of this issue. We have identified a fix and will make it available to our customers," the company said.

According to Modzero, the audio driver is used in certain HP EliteBook, ProBook, ZBook models. A full list of affected products can be found here.

Fortunately, the software is easy to remove. It’s located at c:\Windows\System32\MicTray64.exe or C:\Windows\System32\MicTray.exe and can be deleted, although this may cause the special function keys on the laptop to no longer work.   

The keystroke log file it creates should also be erased, and is located at C:\Users\Public\MicTray.log. 

Modzero said the developer of the audio driver is a U.S. company called Conexant, which produces audio and voice related applications. Conexant did not immediately respond to a request for comment.

Modzero discovered the problem on April 28, but claimed that both HP and Conexant hadn't responded to the security firm's contact requests. 

Thorsten Schroeder, CEO of Modzero, said other laptops from Dell, Lenovo and Asus don't appear to have the same problem. But because Conexant appears to develop software for other hardware vendors, the keylogging issue may exist in other devices, he said in an email. 

IDG Insider

PREVIOUS ARTICLE

«Waymo, Uber dispute referred to US attorney for investigation

NEXT ARTICLE

Amazon Prime Video app for Apple TV will be announced at WWDC»
author_image
IDG Connect

IDG Connect tackles the tech stories that matter to you

Add Your Comment

Most Recent Comments

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.

images

Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.

images

Poll

Should companies have Bitcoins on hand in preparation for a Ransomware attack?