A security researcher says an audio driver is recording every keystroke entered, accessible to any person or malware that knows where to look.
An audio driver installed in many HP laptops contains a keylogger-type feature that data every keystroke entered into the PC into a log file, according to a security researcher.
Swiss security firm Modzero said in a security prediction posted Thursday that the keylogger activity was uncovered in the Conexant HD audio driver package (version 1. 0. 0. 46 and earlier), found on a large number of HP business and enterprise laptop models, including HP Elitebook, ProBook, and ZBook models including the latest Folio G1 laptop.
Anyone (or malware) with local access to the user’s files on a damaged computer, could obtain passwords, visited websites, private messages, and other sensitive information.
HP has since rolled out spots to eliminate the keylogger, which will also delete the log file containing the keystrokes.
A spokesperson for HP said in a brief statement: “HP is committed to the security and privacy of the customers and we are aware of the keylogger issue on select HP PCs. HP has no entry to customer data because of the issue. ”
HP vice-president Mike Nash said on the call after-hours on Thursday that a fix is available on windows Update and HP.com for newer 2016 and later damaged models, with 2015 models obtaining spots Friday. He added that the keylogger-type feature was mistakenly added to the driver’s production code and was never meant to be rolled out to end-user devices.
Nash did not how many models or customers were affected but did confirm that some consumer laptops were damaged.
He also confirmed that a number of consumer models that come with Conexant motorists are affected.
Keylogger Found Pre-Installed in HP Audio Driver
The pre-installed audio driver installs a driver positioned in the windows system folder, which is scheduled to get started on each and every time the user logs in. Modzero describes the application as a simple way to check to verify if a hotkey was pressed by monitoring “all keystrokes made by the user to record and react to functions such as microphone mute/unmute keys/hotkey.
The app then logs each keystroke into an unencrypted record file stored in the user’s home directory. The log file is overwritten each and every time the user records in.
In the circumstance that a log data file doesn’t exist, Modzero says that the driver’s API can allow malware to “silently capture sensitive data by capturing the customer’s keystrokes. ”
We were not immediately able to verify the findings, but a security researcher (who planned to remain nameless) confirmed the findings of the consulting in a message to ZDNet.
Conexant did not respond to a demand for comment at the time of writing.
How to Check if You are Affected and Prevent Yourself
If any of these two pursuing files exist in your system, then this keylogger is present on your computer:
- C: \Windows\System32\MicTray64. exe
- C: \Windows\System32\MicTray. exe
If one of the above files exist, Modzero suggests that you should either delete or rename the above-mentioned executable file in order to prevent the audio driver from collecting your keystrokes.
“Although the file is overwritten after each login, the content is likely to be easily monitored by working processes or forensic tools, ” researchers warned. “If you regularly make progressive backups of your hard-drive – whether in the cloud or on an external hard-drive – a history of all pressed keys of the last few years could of times be found in your backup.
Also, if you make regular backups of your hard drive that include the Public directory, the keylogging file involved may also exist there with your sensitive data in plain text for anyone to see. Thus, wipe that as well.