Several Hewlett-Packard (HP) laptops have been shipped with a keylogger in an audio driver package, according to security firm ModZero, creating a major security risk. A keylogger, surveillance software that can record every keystroke you make to a log file, can capture a password as it is typed, even if that password is not displayed on the screen.
In this case, it does not appear that HP included the keylogger for malicious purposes, ModZero said in a blog post. Rather, an update to the audio driver in 2015 was meant to recognize whether a special key had been pressed or released, in order to perform tasks such as turning on or off a microphone, or controlling the recording LED on a computer. But instead, it “introduced a number of diagnostic and debugging features to ensure that all keystrokes are either broadcasted through a debugging interface or written to a log file in a public directory on the hard-drive.”
This type of debugging essentially turns the audio driver into a keylogger, ModZero noted. That means that any person, or malware, with local access to the user’s files on an affected computer could obtain passwords, web history, private messages, and other sensitive information, ZDNet’s Zack Whittaker noted.
A later version of the program contained even more problems, as it writes all keystrokes to a log file on the user's machine at C:\Users\Public\MicTray.log. This file is overwritten after each login, but the content could still easily be monitored by running processes or forensic tools, ModZero said in the post.
“If you regularly make incremental backups of your hard-drive – whether in the cloud or on an external hard-drive – a history of all keystrokes of the last few years could probably be found in your backups,” the post stated.
The keylogger was created due to the carelessness of the developers, ModZero said, which does not make the software less dangerous. “If the developer would just disable all logging, using debug-logs only in the development environment, there wouldn’t be problems with the confidentiality of the data of any user,” the post stated.
The following HP computers are known to be affected by the keylogger, according to a ModZero security advisory:
- HP EliteBook 820 G3 Notebook PC
- HP EliteBook 828 G3 Notebook PC
- HP EliteBook 840 G3 Notebook PC
- HP EliteBook 848 G3 Notebook PC
- HP EliteBook 850 G3 Notebook PC
- HP ProBook 640 G2 Notebook PC
- HP ProBook 650 G2 Notebook PC
- HP ProBook 645 G2 Notebook PC
- HP ProBook 655 G2 Notebook PC
- HP ProBook 450 G3 Notebook PC
- HP ProBook 430 G3 Notebook PC
- HP ProBook 440 G3 Notebook PC
- HP ProBook 446 G3 Notebook PC
- HP ProBook 470 G3 Notebook PC
- HP ProBook 455 G3 Notebook PC
- HP EliteBook 725 G3 Notebook PC
- HP EliteBook 745 G3 Notebook PC
- HP EliteBook 755 G3 Notebook PC
- HP EliteBook 1030 G1 Notebook PC
- HP ZBook 15u G3 Mobile Workstation
- HP Elite x2 1012 G1 Tablet
- HP Elite x2 1012 G1 with Travel Keyboard
- HP Elite x2 1012 G1 Advanced Keyboard
- HP EliteBook Folio 1040 G3 Notebook PC
- HP ZBook 17 G3 Mobile Workstation
- HP ZBook 15 G3 Mobile Workstation
- HP ZBook Studio G3 Mobile Workstation
- HP EliteBook Folio G1 Notebook PC
If you have an HP computer, you should check whether the program C:\Windows\System32\MicTray64.exe or C:\Windows\System32\MicTray.exe is installed, ModZero recommended. If it is, the firm suggested that you should delete or rename the executable files so that no more keystrokes are recorded. However, if you do this, the special function keys on your keyboard may no longer work. And if a C:\Users\Public\MicTray.log file exists on the hard-drive, it should also be deleted, as it may contain sensitive information including passwords, ModZero advised.
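The check ModZero recommends, written as a PowerShell script. This is an added example, not code from ModZero, HP or this article; the file paths are the ones named above, while the -Remediate switch, the .disabled suffix and the step that stops the running process are assumptions of the example. Remediation must be run from an elevated prompt because it changes files under C:\Windows\System32.

```powershell
# Added example: report (and optionally neutralise) the MicTray keylogger files named in the article.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Hypothetical switch: without it the script only reports what it finds.
    [switch]$Remediate
)

$executables = @(
    'C:\Windows\System32\MicTray64.exe',
    'C:\Windows\System32\MicTray.exe'
)
$logFile = 'C:\Users\Public\MicTray.log'

# Report every file that exists, with size and timestamp for the incident record.
$found = @()
foreach ($path in ($executables + $logFile)) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $item = Get-Item -LiteralPath $path -Force
        $found += [pscustomobject]@{
            Path          = $item.FullName
            SizeBytes     = $item.Length
            LastWriteTime = $item.LastWriteTime
        }
    }
}
if (-not $found) {
    Write-Output 'No MicTray executable or log file found at the paths checked.'
    return
}
$found | Format-Table -AutoSize
if (-not $Remediate) { return }

# Assumption of this example: a process already started from the executable keeps
# running after its file is renamed, so stop it before touching the file.
Get-Process -Name 'MicTray64', 'MicTray' -ErrorAction SilentlyContinue |
    ForEach-Object { if ($PSCmdlet.ShouldProcess($_.Name, 'Stop process')) { $_ | Stop-Process -Force } }

foreach ($exe in $executables) {
    if ((Test-Path -LiteralPath $exe) -and $PSCmdlet.ShouldProcess($exe, 'Rename')) {
        # Renaming keeps the change reversible if the special function keys are needed again.
        Rename-Item -LiteralPath $exe -NewName ((Split-Path $exe -Leaf) + '.disabled')
    }
}

# The log may hold passwords; delete it rather than archive it.
if ((Test-Path -LiteralPath $logFile) -and $PSCmdlet.ShouldProcess($logFile, 'Delete')) {
    Remove-Item -LiteralPath $logFile -Force
}
```

Running it with -Remediate -WhatIf lists the changes it would make without applying them.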
The 3 big takeaways for TechRepublic readers
- Several Hewlett-Packard (HP) laptops have been shipped with a keylogger in an audio driver package, creating a major security risk, according to security firm ModZero.
- Computers including models of the HP EliteBook, HP ProBook, and HP ZBook were affected.
- While it appears that the keylogger was created due to negligence on the part of a developer, rather than for malicious purposes, users should still take the recommended steps to remove the software.