Many HP laptops come with a feature similar to a keylogger, which secretly records everything the user types. Every keypress is recorded in an unencrypted file on the computer’s hard drive.
Many HP laptops and tablets affected: ModZero
In a blog post, Swiss security researcher ModZero said they discovered the issue in the audio drivers HP released in 2015. According to ModZero, they tried to report this information to HP Enterprise, but the company refused to take any responsibility for the keylogger. The security researcher then reportedly contacted HP Inc. and Conexant, but those efforts were in vain, as neither responded. The Swiss firm then decided to go public with the issue.
In a statement, an HP spokesperson said, “HP is committed to the security and privacy of its customers and we are aware of the keylogger issue on select HP PCs. HP has no access to customer data as a result of this issue.”
HP Vice President Mike Nash stated that the company has already released a fix through Windows Update and HP.com for the newest models. However, all 2015 models will receive the patch on Friday, notes ZDNet. Nash also stated that the feature was added to the driver production code by mistake and was never meant to be carried over into end devices. However, Nash did not reveal the number of affected devices.
According to the Swiss security researcher, the secret driver developed by audio chip maker Conexant has been baked into over two dozen models of HP laptops and tablets, including the HP Elitebook, ProBook and ZBook, notes CNET.
Keylogger issue was the result of a failed experiment
HP also stated that it was already aware of the issue and that the faulty software was developed by the supplier partner to test audio functionality before launching new products. However, the experiment failed, as the driver acted like a keylogger, recording and processing every single keypress. The driver wrote every single keypress to a log file stored locally on the user’s system at C:\Users\Public\MicTray.log. The main purpose of the experiment was to find out whether or not a special key had been pressed or released.
“Instead, however, the developer has introduced a number of diagnostic and debugging features to ensure that all keystrokes are either broadcasted through a debugging interface or written to a log file in a public directory on the hard-drive,” the Swiss firm said.
The good thing is that the log file is erased every time someone logs out of the system. ModZero, however, stated that if a user has any backup system in place, the backups create a permanent recording of everything, notes TNW. The security researcher suggests that users should delete the MicTray file and all the log files created by the keylogger from the $WINDIR$\System32 and $USERS$ directories in their Windows installation, notes Silicon Angle.
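The check and cleanup described above can be scripted. The following PowerShell is an added example, not code from ModZero, HP or the original article; the function name, its parameters, the `MicTray*` wildcard and the idea of pointing it at a mounted backup directory are assumptions made for illustration.

```powershell
# Added example: audit a Windows host, and any mounted backup copies, for the
# artifacts named in the article. Everything except the default log path is an
# assumption and is exposed as a parameter.
function Find-MicTrayArtifact {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Log location reported in the article.
        [string]$LogPath = 'C:\Users\Public\MicTray.log',
        # Directory holding the MicTray file (System32, per the article).
        [string]$BinaryDir = (Join-Path $env:WINDIR 'System32'),
        # Hypothetical extra roots (e.g. a mounted backup) to search for log copies.
        [string[]]$BackupRoot = @(),
        # Delete any log files found; honours -WhatIf and -Confirm.
        [switch]$RemoveLogs
    )

    # 1. The live log plus anything named MicTray* next to the driver binaries.
    $candidates = @(Get-Item -LiteralPath $LogPath -Force -ErrorAction SilentlyContinue)
    $candidates += @(Get-ChildItem -LiteralPath $BinaryDir -Filter 'MicTray*' -File -Force -ErrorAction SilentlyContinue)

    # 2. Copies of the log that a backup job may have preserved past logout.
    foreach ($root in $BackupRoot) {
        $candidates += @(Get-ChildItem -LiteralPath $root -Filter 'MicTray*.log' -File -Recurse -Force -ErrorAction SilentlyContinue)
    }

    foreach ($item in $candidates) {
        $isLog = $item.Extension -eq '.log'
        [pscustomobject]@{
            Path      = $item.FullName
            Kind      = if ($isLog) { 'log' } else { 'binary' }
            Bytes     = $item.Length
            LastWrite = $item.LastWriteTime
            # A non-empty log means recorded keypresses are on disk right now.
            HasData   = $isLog -and $item.Length -gt 0
        }
        if ($isLog -and $RemoveLogs -and $PSCmdlet.ShouldProcess($item.FullName, 'Remove keystroke log')) {
            Remove-Item -LiteralPath $item.FullName -Force
        }
    }
}

# Report only; add -RemoveLogs (optionally with -WhatIf) to delete the logs found.
Find-MicTrayArtifact | Format-Table -AutoSize
```

Removing the MicTray file itself is left as a manual step here, because deleting a binary from System32 needs an elevated session and should follow the vendor patch where one is available.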
According to ModZero, the keylogging function is the worst for those who share their computers with others and also with non-trusted users. Something that comes as a relief is the fact that the driver package neither distributes nor uploads the information stored in the log.