UPDATE: Just as HP was made aware of the gaping hole in the security of their computing devices, the company immediately acted to plug the same. It has now rolled out patches to remove the keylogger spyware from its audio drivers. This update will also delete the log file (read more about it underneath) maintained to record the keystrokes.
Talking about the update, an HP spokesperson in a statement said,
HP is committed to the security and privacy of its customers and we are aware of the keylogger issue on select HP PCs. HP has no access to customer data as a result of this issue.
The updated audio driver has been made available to download from over at Windows Update and HP.com for newer 2016 and later affected models. The patch for older 2015 HP computers will land later today, so y’all be patched up really soon.
PREVIOUSLY: Hewlett-Packard (HP) laptop owners, stop whatever you’re browsing and listen really closely! That lovely laptop you’re employing to conduct your daily chores is quietly recording your keystrokes, according to Swiss security company, Modzero. And from what their evidence suggests, it has been acting as a keylogger for the past couple years. So, this is a major cause of worry for y’all.
In its official blog post, Modzero mentions that their team of security researchers discovered the keylogger while examining Windows Active Domain infrastructures. There they observed HP had released an updated set of audio drivers to introduce new diagnostics, as well as debugging features to detect when a special shortcut key was pressed or released.
Everything about the said feature sounds all a-okay but when Modzero further probed the audio driver package, it concluded that the special key was implemented poorly. In addition to detecting the special keypress, the driver software was also storing all keystrokes into a file stored on the computer. The audio driver is signed by audio chip manufacturer Conexant and is effectively functioning as a keylogging spyware.
While there is no evidence that this keylogger was implemented intentionally but the situation gets even worse with a later update for the audio driver. Modzero’s investigation reveals that the latest version, i.e 22.214.171.124, has moved past recording just that special key to taking into account all the keystrokes.
And these keystrokes are stored in a publicly available file, stored at the following location — C:\Users\Public\MicTray.log. There, it also mentions that the said file is overwritten each time you logout/login into the system. But, a permanent record of the same will be available on the cloud, if you have the backups turned on.
If you regularly make incremental backups of your hard-drive – whether in the cloud or on an external hard-drive – a history of all keystrokes of the last few years could probably be found in your backups.
In addition to uncovering the hidden keylogger, ModZero has even published a security advisory to provide us with the complete list of affected HP computers. Take a close look at the following list and perform actions mentioned underneath to protect your privacy and delete keystrokes recorded by the audio driver’s keylogger:
- HP EliteBook 820 G3 Notebook PC
- HP EliteBook 828 G3 Notebook PC
- HP EliteBook 840 G3 Notebook PC
- HP EliteBook 848 G3 Notebook PC
- HP EliteBook 850 G3 Notebook PC
- HP ProBook 640 G2 Notebook PC
- HP ProBook 650 G2 Notebook PC
- HP ProBook 645 G2 Notebook PC
- HP ProBook 655 G2 Notebook PC
- HP ProBook 450 G3 Notebook PC
- HP ProBook 430 G3 Notebook PC
- HP ProBook 440 G3 Notebook PC
- HP ProBook 446 G3 Notebook PC
- HP ProBook 470 G3 Notebook PC
- HP ProBook 455 G3 Notebook PC
- HP EliteBook 725 G3 Notebook PC
- HP EliteBook 745 G3 Notebook PC
- HP EliteBook 755 G3 Notebook PC
- HP EliteBook 1030 G1 Notebook PC
- HP ZBook 15u G3 Mobile Workstation
- HP Elite x2 1012 G1 Tablet
- HP Elite x2 1012 G1 with Travel Keyboard
- HP Elite x2 1012 G1 Advanced Keyboard
- HP EliteBook Folio 1040 G3 Notebook PC
- HP ZBook 17 G3 Mobile Workstation
- HP ZBook 15 G3 Mobile Workstation
- HP ZBook Studio G3 Mobile Workstation
- HP EliteBook Folio G1 Notebook PC
Now, if you’ve recognized that your HP computer has been listed above then ModZero has suggested that you should instantly check whether the program is installed in these file locations:
C:\Windows\System32\MicTray64.exe or C:\Windows\System32\MicTray.exe
If the answer is affirmative then the blog post says that you should either delete or rename the said executable file in order to prevent the audio driver from collecting more keystrokes. But in doing so, you could lose access to some special shortcut keys attached to the audio/microphone settings. This is because the keylogger was mistakenly implemented by HP when it was building special shortcuts, as mentioned above.