Keylogger Found in Audio Driver of HP Laptops, Says Report (bleepingcomputer.com)
An anonymous reader writes: The audio driver installed on some HP laptops includes a feature that could best be described as a keylogger, which records all the user's keystrokes and saves the information to a local file, accessible to anyone or any third-party software or malware that knows where to look. Swiss cyber-security firm modzero discovered the keylogger on April 28 and made its findings public today. According to researchers, the keylogger feature was discovered in the Conexant HD Audio Driver Package version 1.0.0.46 and earlier. This is an audio driver that is preinstalled on HP laptops. One of the files of this audio driver is MicTray64.exe (C:\windows\system32\mictray64.exe). This file is registered to start via a Scheduled Task every time the user logs into his computer. According to modzero researchers, the file "monitors all keystrokes made by the user to capture and react to functions such as microphone mute/unmute keys/hotkeys."
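A host check for the component named in the summary above, as an added example that is not part of the original submission or of modzero's report. The file path and the version 1.0.0.46 come from the summary; the function name `Get-MicTrayFinding` is hypothetical, and treating the executable's file version as tracking the driver package version is an assumption.

```powershell
# Added example (not from the page). Path and version come from the summary;
# comparing the file version against the package version is an assumption.
function Get-MicTrayFinding {
    param(
        [string]$Path = (Join-Path $env:windir 'System32\MicTray64.exe'),
        [version]$FlaggedMax = '1.0.0.46'
    )

    $finding = [ordered]@{
        Path           = $Path
        FilePresent    = $false
        FileVersion    = $null
        AtOrBelowFlag  = $null
        ProcessRunning = $false
        ScheduledTasks = @()
    }

    if (Test-Path -LiteralPath $Path -PathType Leaf) {
        $vi = (Get-Item -LiteralPath $Path).VersionInfo
        # Use the numeric parts: the FileVersion string can carry free text.
        $ver = New-Object System.Version -ArgumentList $vi.FileMajorPart,
            $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
        $finding.FilePresent   = $true
        $finding.FileVersion   = $ver.ToString()
        $finding.AtOrBelowFlag = ($ver -le $FlaggedMax)
    }

    $leaf = Split-Path -Leaf $Path
    $name = [IO.Path]::GetFileNameWithoutExtension($leaf)
    $finding.ProcessRunning = [bool](Get-Process -Name $name -ErrorAction SilentlyContinue)

    # Tasks whose action launches the binary. Run elevated so every task is visible.
    $finding.ScheduledTasks = @(
        Get-ScheduledTask -ErrorAction SilentlyContinue |
            Where-Object { $_.Actions | Where-Object { $_.Execute -like "*$leaf*" } } |
            ForEach-Object { '{0}{1} [{2}]' -f $_.TaskPath, $_.TaskName, $_.State }
    )

    [pscustomobject]$finding
}

$result = Get-MicTrayFinding
$result | Format-List
if ($result.FilePresent -and $result.AtOrBelowFlag) {
    Write-Warning 'MicTray64.exe is present at or below the version named in the report.'
}
```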
But what debugging mode in an audio driver would require logging keystrokes?
One reason would be to replay a sequence of keystrokes to verify that a bug has been fixed.
My company has an internal app that logs input (keystrokes, mouse movements). If the program crashes, the keylog is emailed along with the stack trace to the responsible programming team. This has been a wonderful help for debugging and is WAY more useful than user descriptions of what they were doing. We can see what caused the fault, and after fixing the problem we can replay the input to verify that it is fixed. However, it only records input when this app has the focus, and users are informed that their input is being recorded.
Anything capable of reading this is capable of installing its own key logger, so.... non-story.
No, that's not been true since Vista.
Anything wanting to start with Windows and log keystrokes will need to be installed with administrator level permissions, which means a UAC prompt to the user (screen goes dark, everything except the warning message vanishes, if configured the user's password is required).
By pre-installing it HP have provided a handy way for non-privileged malware to perform keylogger functions, without the need for a privilege escalation exploit.