HP Inc ships laptops with sinister key-logger

Dodgy Conexant driver spaffs keystrokes into wide-open log

Updated HP Inc ships a creepy key-logger on its laptops, according to security researchers.

A Conexant audio driver for headphones, which is installed on the computers, records the user's keystrokes to a file on disk, we're told. This file – C:\Users\Public\MicTray.log – can be read by any malware running on or anyone logged into the system.

The dodgy code lurks on ‪HP‬ Elitebook, Probook and Zbook laptops running Windows 7 or 10 and HP's bundled software. It was discovered by researchers at Swiss outfit Modzero, who went public with the programming cockup in an advisory on Thursday. It appears to be the result of debugging routines left lingering in the driver.

Modzero suggests people delete the MicTray utility and its logs, pending the availability of a patch to kill off the key logging. It also offers a comprehensive list of affected HP laptops.

Left unaddressed, the log can be snooped on by users logged in and any process running on the machine, such as spyware and other nasties, to siphon off keystrokes and thereby harvest passwords or other sensitive information, as Modzero explains:

Any process that is running in the current user-session, and therefore able to monitor debug messages, can capture keystrokes made by the user. Processes are thus able to record sensitive data such as passwords, without performing suspicious activities that may trigger AV vendor heuristics.

Furthermore, any process running on the system by any user is able to access all keystrokes made by the user via file-system access. It is not known if log-data is submitted to Conexant at any time or why all key presses are logged anyway.

El Reg has asked Conexant for comment on the issue but we're yet to hear back. We'll update this story as and when we learn more. ®

Updated at 10.24 UTC on Friday 12 May to add: In a statement, HP acknowledged the issue and said that a software fix would soon be available.

HP is committed to the security and privacy of its customers and we are aware of the keylogger issue on select HP PCs. HP has no access to customer data as a result of this issue. Our supplier partner developed software to test audio functionality prior to product launch and it should not have been included in the final shipped version. Fixes will be available shortly via HP.com.


Biting the hand that feeds IT © 1998–2017