Keylogger Found in Audio Driver of HP Laptops

Batu69

The audio driver installed on some HP laptops includes a feature that could best be described as a keylogger, which records all the user's keystrokes and saves the information to a local file, accessible to anyone or any third-party software or malware that knows where to look.

 

Swiss cyber-security firm modzero discovered the keylogger on April 28 and made its findings public today.

Keylogger found in preinstalled audio driver

According to researchers, the keylogger feature was discovered in the Conexant HD Audio Driver Package version 1.0.0.46 and earlier.

This is an audio driver that is preinstalled on HP laptops. One of the files of this audio driver is MicTray64.exe (C:\windows\system32\mictray64.exe).

 

This file is registered to start via a Scheduled Task every time the user logs into his computer. According to modzero researchers, the file "monitors all keystrokes made by the user to capture and react to functions such as microphone mute/unmute keys/hotkeys."

 

This behavior, by itself, is not a problem, as many other apps work this way. The problem is that this file writes all keystrokes to a local file at:

C:\users\public\MicTray.log

Audio driver also exposes keystrokes in real-time via local API

If the file doesn't exist or a registry key containing this file's path does not exist or was corrupted, the audio driver will pass all keystrokes to a local API, named the OutputDebugString API.

 

The danger is that malicious software installed on the computer, or a person with physical access to the computer, can copy the log file and have access to historical keystroke data, from where he can extract passwords, chat logs, visited URLs, source code, or any other sensitive data.

 

Furthermore, the OutputDebugString API provides a covert channel for malware to record real-time keystrokes without using native Windows functions, usually under the watchful eye of antivirus software.

Keylogger feature confirmed in HP laptops

Modzero researchers said they found the Conexant HD Audio Driver Package preinstalled on 28 HP laptop models. Other hardware that uses this driver may also be affected, but investigators haven't officially confirmed that the issue affects other manufacturers.

   HP EliteBook 820 G3 Notebook PC
   HP EliteBook 828 G3 Notebook PC
   HP EliteBook 840 G3 Notebook PC
   HP EliteBook 848 G3 Notebook PC
   HP EliteBook 850 G3 Notebook PC
   HP ProBook 640 G2 Notebook PC
   HP ProBook 650 G2 Notebook PC
   HP ProBook 645 G2 Notebook PC
   HP ProBook 655 G2 Notebook PC
   HP ProBook 450 G3 Notebook PC
   HP ProBook 430 G3 Notebook PC
   HP ProBook 440 G3 Notebook PC
   HP ProBook 446 G3 Notebook PC
   HP ProBook 470 G3 Notebook PC
   HP ProBook 455 G3 Notebook PC
   HP EliteBook 725 G3 Notebook PC
   HP EliteBook 745 G3 Notebook PC
   HP EliteBook 755 G3 Notebook PC
   HP EliteBook 1030 G1 Notebook PC
   HP ZBook 15u G3 Mobile Workstation
   HP Elite x2 1012 G1 Tablet
   HP Elite x2 1012 G1 with Travel Keyboard
   HP Elite x2 1012 G1 Advanced Keyboard
   HP EliteBook Folio 1040 G3 Notebook PC
   HP ZBook 17 G3 Mobile Workstation
   HP ZBook 15 G3 Mobile Workstation
   HP ZBook Studio G3 Mobile Workstation
   HP EliteBook Folio G1 Notebook PC

The Conexant HD Audio Driver Package has versions for the following operating systems.

   Microsoft Windows 10 32-Bit
   Microsoft Windows 10 64-Bit
   Microsoft Windows 10 IOT Enterprise 32-Bit (x86)
   Microsoft Windows 10 IOT Enterprise 64-Bit (x86)
   Microsoft Windows 7 Enterprise 32 Edition
   Microsoft Windows 7 Enterprise 64 Edition
   Microsoft Windows 7 Home Basic 32 Edition
   Microsoft Windows 7 Home Basic 64 Edition
   Microsoft Windows 7 Home Premium 32 Edition
   Microsoft Windows 7 Home Premium 64 Edition
   Microsoft Windows 7 Professional 32 Edition
   Microsoft Windows 7 Professional 64 Edition
   Microsoft Windows 7 Starter 32 Edition
   Microsoft Windows 7 Ultimate 32 Edition
   Microsoft Windows 7 Ultimate 64 Edition
   Microsoft Windows Embedded Standard 7 32
   Microsoft Windows Embedded Standard 7E 32-Bit

HP did not respond to a request for comment from Bleeping Computer in time for this article's publication.

Modzero researchers say the only way to mitigate the issue is by deleting the MicTray64.exe.

 

Article source
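
A read-only check for the artifacts the article names, added here as an example and not part of the original post or of modzero's advisory. The two paths come from the article; the `$report` field names are this example's own, and the Scheduled Task lookup assumes Windows 8 or later (it is skipped where `Get-ScheduledTask` is unavailable).

```powershell
# Read-only triage for the MicTray64 keystroke logging described in the article.
# Both paths are taken from the article; nothing is modified or deleted.
$exePath = 'C:\Windows\System32\MicTray64.exe'
$logPath = 'C:\Users\Public\MicTray.log'

$report = [ordered]@{
    ExePresent     = Test-Path -LiteralPath $exePath
    ExeFileVersion = $null   # recorded only; the article's 1.0.0.46 is the driver package version
    ExeSigner      = $null
    TasksLaunching = @()
    ProcessRunning = $false
    LogPresent     = Test-Path -LiteralPath $logPath
    LogBytes       = $null
    LogLastWrite   = $null
    LogReadableBy  = @()
}

if ($report.ExePresent) {
    $report.ExeFileVersion = (Get-Item -LiteralPath $exePath).VersionInfo.FileVersion
    $sig = Get-AuthenticodeSignature -LiteralPath $exePath
    if ($sig.SignerCertificate) { $report.ExeSigner = $sig.SignerCertificate.Subject }
}

# The article says the binary starts from a Scheduled Task at logon but does not
# name the task, so match on the executable each task action launches.
if (Get-Command Get-ScheduledTask -ErrorAction SilentlyContinue) {
    $report.TasksLaunching = @(Get-ScheduledTask |
        Where-Object { $_.Actions | Where-Object { $_.Execute -like '*MicTray64*' } } |
        ForEach-Object { $_.TaskPath + $_.TaskName })
}
$report.ProcessRunning = [bool](Get-Process -Name 'MicTray64' -ErrorAction SilentlyContinue)

if ($report.LogPresent) {
    $log = Get-Item -LiteralPath $logPath
    $report.LogBytes     = $log.Length
    $report.LogLastWrite = $log.LastWriteTime
    # Which identities are allowed to read the log: the exposure the article describes.
    $readData = [System.Security.AccessControl.FileSystemRights]::ReadData
    $report.LogReadableBy = @((Get-Acl -LiteralPath $logPath).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and ($_.FileSystemRights -band $readData) } |
        ForEach-Object { $_.IdentityReference.Value })
}

# Any one of the three artifacts is enough to flag the machine for follow-up.
$report.Affected = $report.ExePresent -or $report.LogPresent -or ($report.TasksLaunching.Count -gt 0)
[pscustomobject]$report
```

A non-zero `LogBytes` with a recent `LogLastWrite` means keystrokes are being written to disk now; a log that remains after the executable is deleted still holds the earlier keystrokes.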

DKT27

As if their products were not bad in themselves, they topped it up there.

thunderpants

 I do wonder how many other progs. out there are doing something similar.

J.D
6 minutes ago, thunderpants said:

 I do wonder how many other progs. out there are doing something similar.

A perfect program for reading all your data is a HDD Defragger or an AVP / Anti-Malware program .:o

Dodel

I'll have a play with the below range of laptops in work tomorrow. I work for an ISP in IT; our field engies use this range of laptops when installing full IP solutions, configs, log files, consoles, telnet, passwords... should be fun.

   HP EliteBook 820 G3 Notebook PC
   HP EliteBook 840 G3 Notebook PC
   