UPDATED 00:33 EDT / MAY 12 2017


Oops: HP laptops include keystroke logger that records user names and passwords

In a security failure of gargantuan proportions, laptops shipped by HP Inc. have been found to include a keylogger that captures all user keystrokes and records them to an unprotected file.

First spotted by Swiss security firm modzero AG, the keylogger was included in a device driver developed by Conexant Systems Inc., the manufacturer of the audio chips used in the affected laptops. Those machines include HP EliteBook, ProBook and ZBook laptops running Windows 7 or 10.

Specifically, the keylogger itself is embedded in a device driver called MicTray64.exe and uses a debugging feature to capture all information a user types, including passwords and user logins. It then stores that information to a file at C:\Users\Public\MicTray.log that’s easily accessible to anyone who has access to the computer, including hackers who may have gained access through other means.

“This type of debugging turns the audio driver effectively into keylogging spyware,” the researchers at Modzero wrote. “On the basis of meta-information of the files, this keylogger has already existed on HP computers since at least Christmas 2015.”

The log file itself is overwritten every time the computer is booted up, but where system backups are kept, an ongoing complete history of user keystrokes would be available. Modzero said the keylogger was most likely not installed with malicious intent, writing that “there is no evidence that this keylogger has been intentionally implemented. Obviously, it is a negligence of the developers – which makes the software no less harmful.”

HP said it was aware of the issue. “Our supplier partner developed software to test audio functionality prior to product launch and it should not have been included in the final shipped version,” the company said in a statement, before adding that fixes are available via HP.com.

Modzero recommended that HP laptop users delete the MicTray file, along with all the log files the keylogger created, from the $WINDIR$\System32 and $USERS$\ directories in their Windows installation.
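Because backups can preserve copies of the log after the live file has been deleted, a cleanup check needs to cover more than the system drive. The Python code below is an added example, not code from modzero, HP or Conexant: it goes beyond the two directories named above by walking any directory tree, such as a mounted backup, for the two file names given in the article. The function names and the sample tree are assumptions made for the example.

```python
import os
import tempfile
from datetime import datetime, timezone

# File names come from the article. Matching is case-insensitive because
# Windows paths are, while a backup may be mounted on a case-sensitive volume.
ARTIFACTS = {"mictray64.exe": "driver executable", "mictray.log": "keystroke log"}


def find_mictray_artifacts(root):
    """Walk root (a live drive or a mounted backup) and list every artifact."""
    findings = []
    # onerror ignores unreadable folders so one locked directory does not stop the sweep
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            kind = ARTIFACTS.get(name.lower())
            if kind is None:
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # vanished or unreadable; skip
            findings.append({
                "path": path, "kind": kind, "size": st.st_size,
                "modified": datetime.fromtimestamp(st.st_mtime, timezone.utc),
            })
    return sorted(findings, key=lambda f: f["path"])


def logs_with_content(findings):
    """Non-empty keystroke logs: copies that may still hold typed credentials."""
    return [f for f in findings if f["kind"] == "keystroke log" and f["size"] > 0]


if __name__ == "__main__":
    # Constructed tree standing in for a mounted backup; the log text is a placeholder.
    with tempfile.TemporaryDirectory() as root:
        for rel, data in [("Windows/System32/MicTray64.exe", b"MZ"),
                          ("Users/Public/MicTray.log", b"placeholder"),
                          ("Backup/2017-05-01/Users/Public/MICTRAY.LOG", b"")]:
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        for f in find_mictray_artifacts(root):
            # Report metadata only; never echo log contents into a console or ticket.
            print(f"{f['kind']:18} {f['size']:6} B  {f['modified']:%Y-%m-%d}  {f['path']}")
        print("non-empty logs:", len(logs_with_content(find_mictray_artifacts(root))))
```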
