UPDATED 00:33 EDT / MAY 12 2017

INFRA

Oops: HP laptops include keystroke logger that records user names and passwords

In a security failure of gargantuan proportions, laptops shipped by HP Inc. have been found to include a keylogger that captures all user keystrokes and records them to an unprotected file.

First spotted by Swiss security firm modzero AG, the keylogger was included in a device driver developed by Conexant Systems Inc., the manufacturer of the audio chips that are used in the affected laptops. Those machines include HP‬ Elitebook, Probook and Zbook laptops running Windows 7 or 10.

Specifically, the keylogger itself is embedded in a device driver called MicTray64.exe and uses a debugging feature to capture all information a user types, including passwords and user logins. It then stores that information to a file at C:\Users\Public\MicTray.log that’s easily accessible to anyone who has access to the computer, including hackers who may have gained access through other means.

“This type of debugging turns the audio driver effectively into keylogging spyware,” the researchers at ModZero wrote. “On the basis of meta-information of the files, this keylogger has already existed on HP computers since at least Christmas 2015.”

The log file itself is overwritten every time the computer is booted up but with system backups, an ongoing complete history of user keystrokes would be available. Modzero claimed that the keylogger was most likely not installed with malicious intent, indeed that “there is no evidence that this keylogger has been intentionally implemented. Obviously, it is a negligence of the developers – which makes the software no less harmful.”

HP said it was aware of the issue.”Our supplier partner developed software to test audio functionality prior to product launch and it should not have been included in the final shipped version,” the company said in a statement, before adding that fixes are available via HP.com.

Modzero recommended that HP laptop users should delete the MicTray file along with all the log files the keylogger created from the $WINDIR$\System32 and $USERS$\directories in their Windows installation.

Photo: HP

Since you’re here …

… We’d like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.

If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.

Cookies

We employ the use of cookies. Find out more.