AuthentificationSecuritySecurity Management

HP Laptops Have ‘Recorded’ User Keystrokes Since 2015

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Follow on:

The keylogger represents a breach in both privacy and a potential security risk

HP laptops may have been logging user keystrokes for several years, after security firm Modzero discovered audio drivers with built-in keyloggers in laptops that have been shipped from at least December 2015. 

The security company found that HP had released an update for the audio drivers in its laptops which can detect if a specific key have been pressed as part of a debugging and diagnostic function. 

However, Modzero found that the debugger, developed by audio chip manufacturer Conexant, collects all the keystrokes and either records them in a log file in a public folder on the laptop or displays them through a debugging interface.

“This type of debugging turns the audio driver effectively into a keylogging spyware. On the basis of meta-information of the files, this keylogger has already existed on HP computers since at least Christmas 2015,” explained Thorsten Schroeder at Modzero

Laptop keylogger 

keyloggerIt is yet to be discovered how such a key-logger found its way into the audio driver.

“There is no evidence that this keylogger has been intentionally implemented. Obviously, it is a negligence of the developers – which makes the software no less harmful. If the developer would just disable all logging, using debug-logs only in the development environment, there wouldn’t be problems with the confidentiality of the data of any user,” wrote Schroeder.

Modzero recommends users of HP laptops check if the program ‘C:\Windows\System32\MicTray64.exe’ or ‘C:\Windows\System32\MicTray.exe’ is installed and either delete or rename the executable files to ensure the keylogger is stopped. 

“If a C:\Users\Public\MicTray.log file exists on the hard-drive, it should also be deleted immediately, as it can contain a lot of sensitive information such as login-information and passwords,” explained Schroeder. 

While the keylogger appears to have no malicious use, it does present a breach of privacy for HP laptop users who have had their laptop keyboard use recorded. Furthermore, if some one with the right technical nous got access to the keystroke logs, then they could figure out the passwords or extract other private information belonging to the laptop user.

A large range of HP laptops appear to be affected by the keylogger, including models from the EliteBook and ProBook ranges. 

“HP is committed to the security and privacy of its customers and we are aware of the keylogger issue on select HP PCs. HP has no access to customer data as a result of this issue. Our supplier partner developed software to test audio functionality prior to product launch and it should not have been included in the final shipped version. Fixes will be available shortly via HP.com,” HP Inc said in a statement to Silicon

HP is not the first company to have installed keyloggers on to its laptops, as Samsung was found to have installed stealthy keyloggers onto its laptops back in 2014

Keyloggers have even been known to affect US drone fighter craft

Do you know all about security in 2017? Try our quiz!