HP laptops may have been logging user keystrokes for several years, after security firm Modzero discovered audio drivers with built-in keyloggers in laptops that have been shipped from at least December 2015.

The security company found that HP had released an update for the audio drivers in its laptops which can detect if a specific key have been pressed as part of a debugging and diagnostic function.

However, Modzero found that the debugger, developed by audio chip manufacturer Conexant, collects all the keystrokes and either records them in a log file in a public folder on the laptop or displays them through a debugging interface.

“This type of debugging turns the audio driver effectively into a keylogging spyware. On the basis of meta-information of the files, this keylogger has already existed on HP computers since at least Christmas 2015,” explained Thorsten Schroeder at Modzero.

Laptop keylogger

It is yet to be discovered how such a key-logger found its way into the audio driver, and whether Conexant or HP are responsible for the keylogger.

“There is no evidence that this keylogger has been intentionally implemented. Obviously, it is a negligence of the developers – which makes the software no less harmful. If the developer would just disable all logging, using debug-logs only in the development environment, there wouldn’t be problems with the confidentiality of the data of any user,” wrote Schroeder, who noted that neither Conexant or HP Inc, now responsible for HP hardware after the company split in 2015, have offered a response to the discovered keylogger.

The lack of response is why Modzero is disclosing the flaw and recommends users of HP laptops check if the program ‘C:\Windows\System32\MicTray64.exe’ or ‘C:\Windows\System32\MicTray.exe’ is installed and either delete or rename the executable files to ensure the keylogger is stopped.

“If a C:\Users\Public\MicTray.log file exists on the hard-drive, it should also be deleted immediately, as it can contain a lot of sensitive information such as login-information and passwords,” explained Schroeder.

While the keylogger appears to have no malicious use, it does present a breach of privacy for HP laptop users who have had their laptop keyboard use recorded. Furthermore, if some one with the right technical nous got access to the keystroke logs, then they could figure out the passwords or extract other private information belonging to the laptop user.

A large range of HP laptops appear to be affected by the keylogger, including models from the EliteBook and ProBook ranges.

It wouldn’t be surprising if HP Inc’s and Conexant’s lack of response to the keylogger discovery is down to them rushing to fix it before coming out with a public statement.

HP is not the first company to have installed keyloggers on to its laptops, as Samsung was found to have installed stealthy keyloggers onto its laptops back in 2014.

Keyloggers have even been known to affect US drone fighter craft.

