Oops: HP laptops include keystroke logger that records user names and passwords
In a security failure of gargantuan proportions, laptops shipped by HP Inc. have been found to include a keylogger that captures all user keystrokes and records them to an unprotected file.
First spotted by Swiss security firm modzero AG, the keylogger was included in a device driver developed by Conexant Systems Inc., the manufacturer of the audio chips that are used in the affected laptops. Those machines include HP Elitebook, Probook and Zbook laptops running Windows 7 or 10.
Specifically, the keylogger itself is embedded in a device driver called MicTray64.exe and uses a debugging feature to capture all information a user types, including passwords and user logins. It then stores that information to a file at C:\Users\Public\MicTray.log that’s easily accessible to anyone who has access to the computer, including hackers who may have gained access through other means.
“This type of debugging turns the audio driver effectively into keylogging spyware,” the researchers at ModZero wrote. “On the basis of meta-information of the files, this keylogger has already existed on HP computers since at least Christmas 2015.”
The log file itself is overwritten every time the computer is booted up but with system backups, an ongoing complete history of user keystrokes would be available. Modzero claimed that the keylogger was most likely not installed with malicious intent, indeed that “there is no evidence that this keylogger has been intentionally implemented. Obviously, it is a negligence of the developers – which makes the software no less harmful.”
HP said it was aware of the issue.”Our supplier partner developed software to test audio functionality prior to product launch and it should not have been included in the final shipped version,” the company said in a statement, before adding that fixes are available via HP.com.
Modzero recommended that HP laptop users should delete the MicTray file along with all the log files the keylogger created from the $WINDIR$\System32 and $USERS$\directories in their Windows installation.
Photo: HP
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU