The IT Nerd

Security firm Modzero has put up a blog post that should concern any company that uses HP laptops in their enterprise. The company says that HP has been shipping audio drivers with built-in keyloggers in some of their laptops since “at least” Christmas 2015.

Here’s the executive summary:

• Modzero found that the audio driver package, developed and digitally signed by the audio chip manufacturer Conexant, has been poorly implemented, turning the driver “effectively into keylogging spyware.”
• The most recent version of this software which is 1.0.0.45, implements the logging of all keystrokes into the publicly for any user readable file C:\Users\Public\MicTray.log. Now the file is overwritten at each login, but someone who is savvy enough could scoop it up before it gets overwritten which would give them a complete history of what the user was typing.

Modzero has published a full list of laptops known to be affected, which includes a range of HP EliteBook, ProBook and ZBook devices. Those are all corporate class laptops that are widely used in companies everywhere. If you’re the least bit bothered by this, you should check to see if check C:\Windows\System32\MicTray64.exe or C:\Windows\System32\MicTray.exe is on your HP laptop. If you find these files, delete them or rename them.

The good news? There seems to be no evidence that this has been exploited. Not that it really matters because the fact that this exists is pretty bad. It will be interesting to see what HP has to say about this as they haven’t commented as of yet. Stay tuned for their response.

This entry was posted on May 11, 2017 at 9:45 am and is filed under Commentary with tags HP. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.