Updated May 11, 2017: According to ZDNet, HP has already started rolling out a patch that will remove the keylogger and the log file associated with it.
Original story: If you own an HP laptop, you might want to check that your keystrokes aren't being logged. According to Swiss security firm modzero (via The Next Web), an audio driver included in a number of HP EliteBooks, ProBooks, ZBooks and Elites contains a keylogger — though there's no indication that it's backed by any malicious intent.
According to modzero, the keylogger was included in a driver for an audio chip produced by Conexant that is included in the HP models in question. From modzero:
Conexant is a manufacturer of integrated circuits, emerging from a US armaments manufacturer. Primarily, they develop circuits in the field of video and audio processing. Thus, it is not uncommon for Conexant audio ICs to be populated on the sound cards of computers of various manufacturers. Conexant also develops drivers for its audio chips, so that the operating system is able to communicate with the hardware. Apparently, there are some parts for the control of the audio hardware, which are very specific and depend on the computer model - for example special keys for turning on or off a microphone or controlling the recording LED on the computer. In this code, which seems to be tailored to HP computers, there is a part that intercepts and processes all keyboard input.
Actually, the purpose of the software is to recognize whether a special key has been pressed or released. Instead, however, the developer has introduced a number of diagnostic and debugging features to ensure that all keystrokes are either broadcasted through a debugging interface or written to a log file in a public directory on the hard-drive.
The report goes on to note that the logger has been present since "at least Christmas 2015," but a more recent version of the program records all keystrokes in a log file found at C:\Users\Public\MicTray.log. The log file is erased each time you log out of your PC, but it still presents a massive problem if things like passwords are recorded and the log file is inadvertently backed up.
Modzero says it is publicly disclosing the issue because neither HP or Conexant have responded to its contact requests. "Only HP Enterprise (HPE) refused any responsibility, and sought contacts at HP Inc. through internal channels," it says.
It's important to note that modzero hasn't found any evidence of malintent here. Rather, incompetence appears to be to blame. For its part, HP tells The Next Web that it is working on a fix to ship out to customers. In any case, if you're concerned you're using an affected laptop, modzero has supplied a list of models that you can check. You can also check to see whether whether the program C:\Windows\System32\MicTray64.exe or C:\Windows\System32\MicTray.exe exists, and either delete or rename the executable.
We may earn a commission for purchases using our links. Learn more.
Windows 10 Insider build 19042.608 rolling out. Here's what's new.
Now that the October 2020 Update is officially available, Microsoft continues to test bug fixes with Insiders. The latest Insider build preview the "Meet Now" button in the task bar, along with a slew of fixes and improvements.
Every game with touch controls on Xbox Game Pass (xCloud) for Android
Microsoft is offering over 150 games through cloud streaming with Xbox Game Pass Ultimate. While all can be played with controllers, only a handful right now support touch controls.
Xbox Series X Ultimate Guide: Everything you need to know
Here's everything you need to know about the next-generation Xbox console from Microsoft: Xbox Series X.
These are all the best AMD Ryzen-powered laptops
Looking for a new laptop but you'd prefer to have something powered by AMD Ryzen rather than Intel? The choice isn't as wide, but fortunately, there are some excellent notebooks out there to choose from.