Security Market Segment LS
Friday, 12 May 2017 07:39

Keylogger found on many HP Windows laptops Featured

By

A Swiss researcher has discovered a keylogger in an audio driver on many Windows laptops made by HP Inc.

The software in question has been developed and digitally signed by Conexant, a  manufacturer of integrated circuits, that has emerged from an American armaments maker.

The researcher, Thorsten Schroeder, said the purpose of the software was to recognise whether a special key had been pressed or released.

"Instead, however, the developer has introduced a number of diagnostic and debugging features to ensure that all keystrokes are either broadcasted through a debugging interface or written to a log file in a public directory on the hard-drive," Schroeder wrote.

"This type of debugging turns the audio driver effectively into a keylogging spyware. On the basis of meta-information of the files, this keylogger has already existed on HP computers since at least Christmas 2015."

The latest version of this software, which is known as MicTray, logs all keystrokes into a file that is publicly readable - C:\Users\Public\MicTray.log.

Schroeder said although the file was overwritten after each login, its content could be easily monitored by running processes or forensic tools.

"If you regularly make incremental backups of your hard-drive — whether in the cloud or on an external hard drive — a history of all keystrokes of the last few years could probably be found in your backups."

While he said there was no evidence that the keylogger had been intentionally implemented, it was negligence on the part of the developers. This, however, did not reduce the harm that could be caused by the software.

"If the developer would just disable all logging, using debug-logs only in the development environment, there wouldn't be problems with the confidentiality of the data of any user," Schroeder said.

While he sought reactions from HP Inc and Conexant, neither company was forthcoming with a response.

The hardware models and operating systems affected are:

Models affected

  • HP EliteBook 820 G3 Notebook PC
  • HP EliteBook 828 G3 Notebook PC
  • HP EliteBook 840 G3 Notebook PC
  • HP EliteBook 848 G3 Notebook PC
  • HP EliteBook 850 G3 Notebook PC
  • HP ProBook 640 G2 Notebook PC
  • HP ProBook 650 G2 Notebook PC
  • HP ProBook 645 G2 Notebook PC
  • HP ProBook 655 G2 Notebook PC
  • HP ProBook 450 G3 Notebook PC
  • HP ProBook 430 G3 Notebook PC
  • HP ProBook 440 G3 Notebook PC
  • HP ProBook 446 G3 Notebook PC
  • HP ProBook 470 G3 Notebook PC
  • HP ProBook 455 G3 Notebook PC
  • HP EliteBook 725 G3 Notebook PC
  • HP EliteBook 745 G3 Notebook PC
  • HP EliteBook 755 G3 Notebook PC
  • HP EliteBook 1030 G1 Notebook PC
  • HP ZBook 15u G3 Mobile Workstation
  • HP Elite x2 1012 G1 Tablet
  • HP Elite x2 1012 G1 with Travel Keyboard
  • HP Elite x2 1012 G1 Advanced Keyboard
  • HP EliteBook Folio 1040 G3 Notebook PC
  • HP ZBook 17 G3 Mobile Workstation
  • HP ZBook 15 G3 Mobile Workstation
  • HP ZBook Studio G3 Mobile Workstation
  • HP EliteBook Folio G1 Notebook PC

Operating systems affected

  • Microsoft Windows 10 32
  • Microsoft Windows 10 64
  • Microsoft Windows 10 IOT Enterprise 32-Bit (x86)
  • Microsoft Windows 10 IOT Enterprise 64-Bit (x86)
  • Microsoft Windows 7 Enterprise 32 Edition
  • Microsoft Windows 7 Enterprise 64 Edition
  • Microsoft Windows 7 Home Basic 32 Edition
  • Microsoft Windows 7 Home Basic 64 Edition
  • Microsoft Windows 7 Home Premium 32 Edition
  • Microsoft Windows 7 Home Premium 64 Edition
  • Microsoft Windows 7 Professional 32 Edition
  • Microsoft Windows 7 Professional 64 Edition
  • Microsoft Windows 7 Starter 32 Edition
  • Microsoft Windows 7 Ultimate 32 Edition
  • Microsoft Windows 7 Ultimate 64 Edition
  • Microsoft Windows Embedded Standard 7 32
  • Microsoft Windows Embedded Standard 7E 32-Bit

BUSINESS WORKS BETTER WITH WINDOWS 1O. MAKE THE SHIFT

You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer

Timezones

QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.

REGISTER!

ADVERTISE ON ITWIRE NEWS SITE & NEWSLETTER

iTWire can help you promote your company, services, and products.

Get more LEADS & MORE SALES

Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]

OR CLICK HERE!

Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments