Keylogger Found in Audio Driver of HP Laptops, Says Report

An anonymous reader writes: The audio driver installed on some HP laptops includes a feature that could best be described as a keylogger, which records all the user's keystrokes and saves the information to a local file, accessible to anyone or any third-party software or malware that knows where to look. Swiss cyber-security firm modzero discovered the keylogger on April 28 and made its findings public today. According to researchers, the keylogger feature was discovered in the Conexant HD Audio Driver Package version 1.0.0.46 and earlier. This is an audio driver that is preinstalled on HP laptops. One of the files of this audio driver is MicTray64.exe (C:\windows\system32\mictray64.exe). This file is registered to start via a Scheduled Task every time the user logs into his computer. According to modzero researchers, the file "monitors all keystrokes made by the user to capture and react to functions such as microphone mute/unmute keys/hotkeys."

Never assume...

[thegreatbob]

Was this malice or stupidity? Perhaps both?

Re:Never assume...

[Calydor]

Malice.

It had NO REASON WHATSOEVER to keep a logfile for the keystrokes. Listen to the keyboard for a hotkey or combo? Sure thing, that's what these programs HAVE to do. But a logfile? WHY? Was it gonna check if it MISSED SOMETHING two hours ago?

Re:Never assume...

[MightyMartian]

I can't sort out how it would be an accident. Sometimes these things are due to debugging modes not being turned off on the production release, but what debugging mode in an audio driver would require logging keystrokes?

Re:Never assume...

Perhaps used originally for debug, but not removed for release builds. Which would be stupidity.

Re:Never assume...

[Wonda]

Could well have been for debugging, and they forgot to take it out again.

Re:Never assume...

[AmiMoJo]

The developer needed some debug info, and maybe even figured it would be helpful for remote debugging of problems, so they threw in a log file. Probably meant to disable it in the release build, or maybe they were just incompetent and didn't realize what a problem it was.

Not a problem!

[Joce640k]

Anything capable of reading this is capable of installing its own key logger, so.... non-story.

Still, it shows the stupidity of some programmers. I get you need to debug things but have an on/off setting and disable it by default.

Kid heartbroken by surveillance.

[dweller_below]

Recently we had a career fair for high school kids. Everybody was there. The kids loved it.

For one of our displays, we displayed the traffic of a wireless network using a network visualization tool: https://www.youtube.com/watch?... When the kids connected to the wifi, they could see their traffic. They loved doing different things and seeing what happened.

Somebody had surreptitiously placed a surveillance tracker on a kid's phone. Every thing he did caused a burst of traffic to a remote IP. When he scrolled a screen there was a burst of traffic to that IP, When he typed a character there was a burst of traffic to that IP.. He was absolutely heartbroken when he realized what was going on. His wonderful toy instantly became a treacherous enemy. His friends all took a step back and stared at him like he had become contagious.

I didn't know how to make it better. The best I could say was: "If he is being monitored by a government, they didn't really care what he was doing." Nobody seemed reassured..