Log in Register

Log in

Remember me?



Keylogger Discovered in HP Audio Driver

Rather than being malicious, this looks like negligence by developers. What's more concerning is it's been on HP systems since 2015.

If you own or use a HP computer or laptop, it's time to check whether C: \ Windows \ System32 \ MicTray64.exe or C: \ Windows \ System32 \ MicTray.exe in installed. If so, you have an active keylogger recording all key presses and need to act by renaming the executable file.

Typically when a new keylogger is found and reported publicly, it's discovered to be harmful spyware and the parties affected respond to the risk. A keylogger was discovered on HP computers, however it is not harmful so the business isn't doing anything about it yet. In this case it appears like pure carelessness on the part of developers.

The keylogger was found by security business modzero AG in an audio driver installed on HP systems. Modzero did the responsible thing and made HP familiar with its existence. HP Enterprise chose not to take responsibility while HP Inc. and the other business involved, Conexant Systems Inc., are ignoring it. So modzero decided to go public "in accordance with our Responsible Disclosure process."

The software application in question is part of a driver package provided by HP (since December 2015) and associated to audio chips produced by Conexant. Conexant's integrated circuits appear on various sound cards for which they provide drivers. In this case, special key presses are supported for functions such as turning the microphone and recording LED on or off.

Modzero found that the software application written to spot these special key presses in fact records all key presses and stores them in a plain text log file (C: \ Users \ Public \ MicTray.log) for anybody to see. The log is overwritten each time you log back into the computer, however during use it is constantly recording key presses, which will include any and all passwords entered.

HP released an update for the Conexant audio driver to eliminate the keylogger. The update covers almost 30 HP models from the EliteBook, ProBook, ZBook, and Elite x2 product lines. It can be downloaded from HP's website or through Windows Update.