Keylogger Found in HP Audio Driver

Reasonably than being malicious, this appears like negligence by builders. What’s extra regarding it it has been on HP programs since 2015.

HP Palo Alto HQ

For those who personal or use a HP laptop it is time to examine whether or not both C:WindowsSystem32MicTray64.exe or C:WindowsSystem32MicTray.exe in put in. If both is, you may have an energetic keylogger recording all key presses and have to take motion by renaming the executable file.

Normally when a brand new keylogger is found and reported about publicly, it is discovered to be malicious spyware and the events affected have responded to the risk. Nonetheless, on this case the alternative is true. A keylogger was found operating on HP computer systems that is not malicious and the corporate is not doing something about it but.

The keylogger was discovered by security company modzero AG in an audio driver put in on HP programs. modzero did the accountable factor and made HP conscious of its existence. HP Enterprise refused to take accountability whereas HP Inc. and the opposite firm concerned, Conexant Methods Inc., are ignoring it. So modzero determined to go public “in accordance with out Accountable Disclosure course of.”

HP Conexant Audio Driver Keylogger

This is the place issues get bizarre. Delivery a system with an energetic keylogger put in is barely actually ever going to occur for malicious causes. However on this case it appears like pure negligence on the a part of builders.

The software program in query is a part of a driver package deal provided by HP (since Christmas 2015) and associated to audio chips manufactured by Conexant. Conexant’s built-in circuits seem on quite a few sound playing cards for which they supply drivers. On this case, particular key presses are supported for features akin to turning the microphone and recording LED on or off.

modzero found that the software program written to detect these particular key presses really information all key presses and shops them within the following plain textual content log file: C:UsersPublicMicTray.log for anybody to view. The log is overwritten each time you log again into the pc, however throughout use it’s all the time recording key presses, which is able to embrace any and all passwords entered.

Negligent? Lazy? Name it what you’ll, however logging all key presses simply to detect particular key presses is ridiculous. As talked about above, you may cease it taking place by renaming the executable file, nonetheless, doing so will cease the particular key performance working. Ideally, HP and Conexant take discover now and repair the issue!