Keyloggers are nasty little things that have the potential to steal the credit card numbers of you and everyone you care about. Usernames and passwords can be easily stolen this way, so they’re a useful tool for the black hats out there. One would generally expect to find a keylogger in a dodgy movie torrent or perhaps a keygen for pirated software, but this week a keylogger was found in an audio driver for an HP laptop.
The logger was found by Swiss security researchers modzero. The Conexant HD Audio Driver Package version 1.0.0.46 and earlier apparently logs keystrokes in order to monitor things like the laptop’s volume up and down keys. The real killer here is that it feels the need to log all keystrokes detected to a readily accessible file, for reasons we can’t possibly fathom. It’s a huge security risk, but it doesn’t stop there – the driver also exposes the keystrokes through an API, creating an even wider attack surface for malicious actors. One can in principle access the keystroke log remotely.
There’s no word from the company yet, but we really want to know – why save the keystrokes to a file at all? Code left over from debugging, perhaps? Speculate in the comments.
It’s probably a good idea to link the original advisory by modzero: https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt
Devs’ leftovers.
I agree. This shouldn’t have made it out the door, though. The make file should have a debug build mode which enables this and a release build which removes this.
Hmm, I have a possibly affected laptop, the log file was in the right location according to the links however the MicTray log file is empty. Checked version on the driver and I’m at version 8.65.122.0. It must be Dev’s leftovers as suggested.
The article author missed a 0 in the version number. The affected software is “Recent and previous (Q2/2017) HP Audiodriver Packages / Conexant High-Definition (HD) Audio Driver Version 10.0.931.89 REV: Q PASS: 5” according to the original advisory.
So based solely on the version number you can assume that you are affected by this.
Wonderful… we have a few HP machines in the office. I’ve just sent an email to all staff at my workplace to check for C:\users\public\MicTray.log and report back… then we can figure out how to eradicate this pest if affected.
Thx for info
OHHH @#$%! I own an HP laptop and use it for everything. Is there a way to remove this vulnerability?
I’ve heard microwaving the laptop for 30s (not longer!) on medium power will fix this as well as any intermittent video issues.
Just uninstall the audio driver, and use the windows one instead.
So that windows can automatically reload the defective driver!!!
Suggested workaround is deleting mictray(64).exe and the log in users\public.
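A read-only triage check for the two artifacts named in the comments above (the log at C:\users\public\MicTray.log and the mictray(64).exe process), as an added example that is not part of the article, the advisory or any comment. The process names `MicTray` and `MicTray64` are an assumed reading of "mictray(64).exe", and the function name `Get-MicTrayExposure` is made up for this example.

```powershell
# Added example: read-only check for the artifacts mentioned in this thread.
# Assumptions: log path and process names come from the comments, not from HP.
function Get-MicTrayExposure {
    [CmdletBinding()]
    param(
        # Path quoted in the comments; override if your image differs.
        [string]$LogPath = 'C:\Users\Public\MicTray.log',
        # "mictray(64).exe" in the comments, read as these two process names.
        [string[]]$ProcessName = @('MicTray', 'MicTray64')
    )

    # -Force also returns the file if it is hidden; a missing file yields $null.
    $log   = Get-Item -LiteralPath $LogPath -Force -ErrorAction SilentlyContinue
    $procs = @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue)

    # Record where each running binary lives and its file version,
    # when the process path is readable from this session.
    $binaries = foreach ($p in $procs) {
        if ($p.Path) {
            [pscustomobject]@{
                Path        = $p.Path
                FileVersion = (Get-Item -LiteralPath $p.Path).VersionInfo.FileVersion
            }
        }
    }

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        LogPresent     = [bool]$log
        LogBytes       = if ($log) { $log.Length } else { 0 }
        LogLastWrite   = if ($log) { $log.LastWriteTime } else { $null }
        ProcessRunning = $procs.Count -gt 0
        Binaries       = @($binaries)
        # An empty log with no running process matches the
        # "file is there but empty" report earlier in the thread.
        NeedsFollowUp  = ($procs.Count -gt 0) -or ($log -and $log.Length -gt 0)
    }
}

Get-MicTrayExposure | Format-List
```

The function reports only size, timestamp and version metadata and never reads the log's contents, so its output can be collected from several machines without copying anyone's keystrokes.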
You must mean: “log this”
https://www.youtube.com/watch?v=b9bc1s0quJM
Post the contents of C:\users\public\MicTray.log here, and we can analyze for you.
So what?!
Windows 10 has a keylogger from Microsoft, no secret.
It is enabled by default, still nobody seems to care about it.
:o)
It is the free spyware, people love spyware as long as it is free – look at google, facebook, twitter, …
Yes, the difference being that they own up to it. You -can- disable it. This here seems to be a sloppy leftover from the debugging effort.
You can disable it, but they’ll enable it at some point in the future to keep optimizing your typing experience. :^)
One reason I switched to Linux for most things.
“Windows has noticed that you use the letter ‘e’ a lot. In order to improve your typing experience, Windows has also bound ‘q’ to ‘e’.”
for this reason you need to learn to type backward on your keyboard, so even if they monitor your typing it will be garbage
…yllatnem “dedoced” eb nac dna ,ezingocer ot ysae ylemertxe si txet eseveR
esreveR*
Haha. I misspelled reverse in reverse. That just seems wrong!
Are we not pure? “No sir!” Panama’s moody Noriega brags. “It is garbage!” Irony dooms a man; a prisoner up to new era.
As a Panamanian, I must admit I did not get that reference. I don’t think anybody else did either.
507 represent!
A man, a plan, a canal. Panama!
Ain’t nothing like it, shiny machine.
Just ease the seat back, Eddie and Dave!
And I don’t get Cmh62. That’s not a palindrome.
Van Halen song. Intro is great…
Whole song is great.
“She’s blinding, I’m flying
Right behind the rear-view mirror now
Got the feeling, power steering
Pistons popping, ain’t no stopping now…”
ah. should have recognized it. songs of my youth, though I leaned more to Rush, and the Stones.
Bet it’s in All drivers for that chipset not just HP. I wonder if the MSFT driver for the chipset has it or only the “official” one from HP?
I wonder about my wife’s Compaq laptop.
Pay up. It’s just in the shovelware garbage that HP includes.
the first thing I do with any new HP laptop, including this one, is boot from a linux install USB stick, nuke the windows partition, and install linux.
As a bonus, the laptop’s useful life increases by about 4 years.
It’s generally standard practice for me to wipe the HD of any factory built computer since they ship with so much trashware.
And how do you know that a dev of an obscure driver you need has not made the same mistake? If no one is checking the code then it’ll not be found.
In open source software esp stuff that gets into the kernel there is peer review so a big mistake like that would be quickly discovered.
Mhm…remember heartbleed? Dat peer review though.
Me too, I actually prefer older hardware with Q4os installed, give it a try.
OK, from the beginning nothing anymore is secure. Every country, business and hacker on earth has got their nose stuck up your underwear sniffing out what you had for lunch last week. It’s not a conspiracy when time and time again we hear true stories like this that leak through all the internet filters. Does anyone here actually think these people respect your privacy or dare I say 4A rights to privacy. Not in a million years. Encryption has back doors most times. Everything you type is stored somewhere for some AI to sniff through. Nothing is secure or safe. It’s just the world we now live in is so much easier to invade your privacy. It’s for the children of course. ;-(
That is why I post to the Internet with a manual typewriter that has a fabric ribbon.
The original keylogger!
Unless it’s the kind that’s in a continuous loop inside the cart.
“expect to find a keylogger in a dodgy movie torrent ”
Right.. no sure…
I mean; come on now,
The reason why it happened doesn’t matter. The reason it took so long for it to be discovered is far more important. That reason is simple: closed source software is orders of magnitude more difficult to audit than open source.
I don’t know if that applies here, it seems pretty damn easy to ‘audit’ a damn file with all your keystrokes being there.
And being constantly updated and open.
I’m wondering if the Conexant’s original intent was for HID control. MS has voice recognition as well as Nuance’s Naturally speaking, that allows media player control, Web surfing, or control almost any app. Clipboard capability as a command (cut copy paste) was handled differently than text input into any program, & was replayable. Just highlight the text in question and hear what you have said.
Yes, MS is also being malware and spies on you, and no that’s not OK nor legit, nor should it be legal if you can’t easily turn it off and aren’t clearly informed, and you can’t turn it off in many cases. Cortana can’t even be removed or completely disabled on basic W10 for instance. Lacks the management settings and MS won’t allow it.
I can’t believe they get away with it in the EU, they really made great strides in adapting to the way bribes are done in the EU it seems, which often is confusing to American companies. Or perhaps it’s done by the US government for them?
Years ago HP was a wonderful company and its products were very very well engineered at all levels, however I have nothing nice to say about them as they are today and the only product of theirs that I have purchased recently is a huge disappointment. WTF happened?
HP’s years are like a calendar, with two eras separated by a divisive figure: CE (current era) and BC (Before Carly).
I was told their consumer laptops are bad but their business models are actually pretty decent.
“The success and prosperity of our company will be assured only if we offer our customers superior products that fill real needs and provide lasting value, and that are supported by a wide variety of useful services, both before and after sales.”
Statement of Corporate Objectives. Hewlett-Packard, 1980
Seems they’ve lost a bit of focus since then.
HP = Horrible Product, period.
HP have said it was a mistake and have issued a fix for it:
http://www.zdnet.com/article/keylogger-found-on-several-hp-laptops/
why would they do that weird
why would they do it in the first place