Swiss security firm modzero has discovered a rather worrying aspect about HP notebooks – a keylogger.
The keylogger was found in Conexant audio drivers installed on numerous HP notebooks and according to modzero it’s unlikely that the keylogger was placed there by malicious individuals.
“The purpose of the software is to recognize whether a special key has been pressed or released,”writes the cybersecurity firm. “Instead, however, the developer has introduced a number of diagnostic and debugging features to ensure that all keystrokes are either broadcasted through a debugging interface or written to a log file in a public directory on the hard-drive.”
It’s important to note that this log file is publicly accessible as its stored in the C:\Users\Public\ directory which is usually available to anybody on a network. Worse still the log file is readable.
“There is no evidence that this keylogger has been intentionally implemented. Obviously, it is a negligence of the developers – which makes the software no less harmful. If the developer would just disable all logging, using debug-logs only in the development environment, there wouldn’t be problems with the confidentiality of the data of any user,” modzero explains.
The firm says that the keylogger has existed on HP computers since at least December 2015.
The fix, sort of
Despite contacting both HP and Conexant the security firm says neither have responded but HP Enterprise refused responsibility.
The firm alleges that the following notebooks may contain the secret keylogger:
- HP EliteBook 820 G3 Notebook PC
- HP EliteBook 828 G3 Notebook PC
- HP EliteBook 840 G3 Notebook PC
- HP EliteBook 848 G3 Notebook PC
- HP EliteBook 850 G3 Notebook PC
- HP ProBook 640 G2 Notebook PC
- HP ProBook 650 G2 Notebook PC
- HP ProBook 645 G2 Notebook PC
- HP ProBook 655 G2 Notebook PC
- HP ProBook 450 G3 Notebook PC
- HP ProBook 430 G3 Notebook PC
- HP ProBook 440 G3 Notebook PC
- HP ProBook 446 G3 Notebook PC
- HP ProBook 470 G3 Notebook PC
- HP ProBook 455 G3 Notebook PC
- HP EliteBook 725 G3 Notebook PC
- HP EliteBook 745 G3 Notebook PC
- HP EliteBook 755 G3 Notebook PC
- HP EliteBook 1030 G1 Notebook PC
- HP ZBook 15u G3 Mobile Workstation
- HP Elite x2 1012 G1 Tablet
- HP Elite x2 1012 G1 with Travel Keyboard
- HP Elite x2 1012 G1 Advanced Keyboard
- HP EliteBook Folio 1040 G3 Notebook PC
- HP ZBook 17 G3 Mobile Workstation
- HP ZBook 15 G3 Mobile Workstation
- HP ZBook Studio G3 Mobile Workstation
- HP EliteBook Folio G1 Notebook PC
Users with any of the notebooks above and in fact an HP notebook in general should look to see if the programs C:\Windows\System32\MicTray64.exe or C:\Windows\System32\MicTray.exe are installed on their PC. Should your PC contain these executable files modzero recommends deleting them or renaming them so that your keystrokes are no longer recorded. The firm warns that special function keys on your keyboard may not work after doing this.
The firm also says that folks should delete the log-file located at C:\Users\Public\ with the name MicTray.log as it may contain sensitive information such as usernames and passwords.
Our hope is that HP and Conexant come forward with a fix because while we like having keyboard shortcuts, we don’t particularly like our keystrokes being logged as a result.