HP Laptops Turn Up Keylogger Where You Wouldn’t Expect It

Keyloggers are nasty little things that have the potential to steal credit card numbers from you and everyone you care about. Usernames and passwords can be easily stolen this way, so they’re a useful tool for the black hats out there. One would generally expect to find a keylogger in a dodgy movie torrent or perhaps a keygen for pirated software, but this week a keylogger was found in an audio driver for an HP laptop.

The logger was found by Swiss security researchers modzero. The Conexant HD Audio Driver Package version 1.0.0.46 and earlier apparently logs keystrokes in order to monitor things like the laptop’s volume up and down keys. The real killer here is that it feels the need to log all keystrokes detected to a readily accessible file, for reasons we can’t possibly fathom. It’s a huge security risk, but it doesn’t stop there – the driver also exposes the keystrokes through an API, creating an even wider attack surface for malicious actors. One can in principle access the keystroke log remotely.

There’s no word from the company yet, but we really want to know – why save the keystrokes to a file at all? Code left over from debugging, perhaps? Speculate in the comments.

58 thoughts on “HP Laptops Turn Up Keylogger Where You Wouldn’t Expect It”

    1. I agree. This shouldn’t have made it out the door, though. The make file should have a debug build mode which enables this and a release build which removes this.

  1. Hmm, I have a possibly affected laptop; the log file was in the right location according to the links, however the MicTray log file is empty. Checked version on the driver and I’m at version 8.65.122.0. It must be Dev’s leftovers as suggested.

    1. The article author missed a 0 in the version number. The affected software is “Recent and previous (Q2/2017) HP Audiodriver Packages / Conexant High-Definition (HD) Audio Driver Version 10.0.931.89 REV: Q PASS: 5” according to the original advisory.

      So based solely on the version number you can assume that you are affected by this.

          1. Van Halen song. Intro is great…
            Whole song is great.

            “She’s blinding, I’m flying
            Right behind the rear-view mirror now
            Got the feeling, power steering
            Pistons popping, ain’t no stopping now…”

  2. The first thing I do with any new HP laptop, including this one, is boot from a Linux install USB stick, nuke the Windows partition, and install Linux.

    As a bonus, the laptop’s useful life increases by about 4 years.

  3. OK, from the beginning nothing anymore is secure. Every country, business and hacker on earth has got their nose stuck up your underwear sniffing out what you had for lunch last week. It’s not a conspiracy when time and time again we hear true stories like this that leak through all the internet filters. Does anyone here actually think these people respect your privacy or dare I say 4A rights to privacy. Not in a million years. Encryption has back doors most times. Everything you type is stored somewhere for some AI to sniff through. Nothing is secure or safe. It’s just the world we now live in is so much easier to invade your privacy. It’s for the children of course. ;-(

  4. The reason why it happened doesn’t matter. The reason it took so long for it to be discovered is far more important. That reason is simple: closed source software is orders of magnitude more difficult to audit than open source.

    1. I don’t know if that applies here, it seems pretty damn easy to ‘audit’ a damn file with all your keystrokes being there.
      And being constantly updated and open.

  5. I’m wondering if Conexant’s original intent was for HID control. MS has voice recognition as well as Nuance’s Naturally speaking, that allows media player control, Web surfing, or control almost any app. Clipboard capability as a command (cut copy paste) was handled differently than text input into any program, & was replayable. Just highlight the text in question and hear what you have said.

    1. Yes, MS is also being malware and spies on you, and no that’s not OK nor legit, nor should it be legal if you can’t easily turn it off and aren’t clearly informed, and you can’t turn it off in many cases. Cortana can’t even be removed or completely disabled on basic W10 for instance. Lacks the management settings and MS won’t allow it.
      I can’t believe they get away with it in the EU, they really made great strides in adapting to the way bribes are done in the EU it seems, which often is confusing to American companies. Or perhaps it’s done by the US government for them?

  6. Years ago HP was a wonderful company and its products were very very well engineered at all levels, however I have nothing nice to say about them as they are today and the only product of theirs that I have purchased recently is a huge disappointment. WTF happened?

    1. “The success and prosperity of our company will be assured only if we offer our customers superior products that fill real needs and provide lasting value, and that are supported by a wide variety of useful services, both before and after sales.”
      Statement of Corporate Objectives. Hewlett-Packard, 1980

      Seems they’ve lost a bit of focus since then.
