Recently, Switzerland-based independent security consulting firm Modzero revealed the details of a surprising security flaw in many current HP laptops running both Windows 10 and Windows 7. The audio software that came preinstalled with the machine was silently recording all of the user’s keystrokes, and potentially exposing those keystrokes to malicious parties.
HP Machines Now Available With Free Keylogger
Modzero first discovered the vulnerability in late April, tracing it back to a small piece of audio software manufactured by Irvine-based Conexant that came installed by default on several HP laptop models.
The Conexant software runs in the background and waits for relevant commands from the user, for example, a key press that mutes or unmutes the laptop’s microphone. To do this, it must monitor every keystroke the user makes.
Unfortunately, instead of ignoring any irrelevant typing, the software writes the keys into an unencrypted log file, stored in C:\Users\Public\MicTray.log. If the log file doesn’t exist, the keystrokes are instead passed to OutputDebugString, a Windows API function intended for sending messages to a debugger. This, in turn, exposes the text to any other process currently running on the machine, including any apps installed by a third-party attacker.
Archive of Passwords and Sensitive Information
Since every keystroke is potentially logged, the vulnerability could be creating a treasure trove of private data within each user’s laptop. Passwords, PIN codes and the URLs of websites visited, even in incognito mode, could be read with little effort.
Modzero describes the issue as having a “high risk of leaking sensitive user input to any person or process that is able to read [unencrypted files on the machine]. Investigators with access to the unencrypted file-system might be able to recover sensitive data of historic key-logs as well. Users are not aware that every keystroke made while entering sensitive information – such as [passwords] – are captured by Conexant and exposed to [other processes].”
The security firm advises users of HP laptops with Conexant software to delete the MicTray64 executable as a workaround. This will likely disable the “feature”. Neither HP nor Conexant was able to mobilize its own security researchers quickly enough to release software that fixes the problem before the security advisory was released.
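One way to check a machine for the two artifacts named above, the MicTray.log file and the MicTray64 process, is the following PowerShell sketch. It is an added example, not code from Modzero, HP or Conexant; the function name Get-MicTrayExposure and its output fields are hypothetical.

```powershell
# Added example: audit a Windows host for the MicTray keystroke log.
# The log path and the MicTray64 name come from the article; the function
# name and output fields are assumptions made for illustration.
function Get-MicTrayExposure {
    [CmdletBinding()]
    param(
        [string]$LogPath     = 'C:\Users\Public\MicTray.log',
        [string]$ProcessName = 'MicTray64'
    )

    $result = [ordered]@{
        ComputerName   = $env:COMPUTERNAME
        LogPresent     = $false
        LogBytes       = 0
        LogLastWrite   = $null
        ProcessRunning = $false
        ProcessPaths   = @()
    }

    # Report metadata only. The contents may hold passwords and are never read here.
    $log = Get-Item -LiteralPath $LogPath -Force -ErrorAction SilentlyContinue
    if ($log) {
        $result.LogPresent   = $true
        $result.LogBytes     = $log.Length
        $result.LogLastWrite = $log.LastWriteTime
    }

    # Take the binary location from the running process instead of assuming a path.
    $procs = @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue)
    if ($procs.Count -gt 0) {
        $result.ProcessRunning = $true
        $result.ProcessPaths   = @($procs | ForEach-Object { $_.Path } |
                                   Where-Object { $_ } | Sort-Object -Unique)
    }

    # A missing log is not a clean result: per the article, keystrokes then go to
    # OutputDebugString, so a running process counts as exposure on its own.
    $result.Exposed = $result.ProcessRunning -or
                      ($result.LogPresent -and $result.LogBytes -gt 0)

    [pscustomobject]$result
}

Get-MicTrayExposure | Format-List
```

A log that remains on disk after the executable has been deleted still holds whatever was typed earlier, which is why the log and the process are reported separately.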
Do you own an HP laptop? Why can’t manufacturers seem to avoid these issues? Let’s hear your thoughts.