Keylogger Discovered in Hewlett-Packard Laptop Audio Drivers

Swiss security firm ModZero discovered that several Hewlett-Packard laptops are silently logging user keystrokes. The unusual security case thankfully is not born out of malicious intent, but rather an unfortunate oversight. ModZero discovered that an audio driver silently logged keystrokes as part of its function to detect hotkey shortcuts. This is because the audio chip manufacturer Conexant, unfortunately, placed several debugging and diagnostic features which created a comprehensive log file. The oversight was in disabling the debugging feature for the public build of the driver. Doing so would have prevented it from actually turning into a built-in spyware. The offending audio driver is part of the driver package from Hewlett-Packard since at least December 2015.

ModZero has reached out to Hewlett-Packard Enterprise (HPE) but the company allegedly refused to take responsibility. They also received a similar response from Conexant and Hewlett-Packard Inc, which prompted the security firm to release the information to the public. “Obviously, it is a negligence of the developers— which makes the software no less harmful. If the developer would just disable all logging, using debug logs only in the development environment, there wouldn’t be problems with the confidentiality of the data of any user,” Modzero wrote on their blog.

Security Measures for HP Laptop Owners

HP laptop owners can view the keylogger file at C:\Users\Public\MicTray.log. The keylogger only writes into a single file and overwrites it per session.

Users should also check if C:\Windows\System32\MicTray64.exe or C:\Windows\System32\MicTray.exe is installed. This is the program that causes the security concern and is safe to delete or rename in order to bypass the keylogging feature.