Slashdot Mirror
Keylogger Found in Audio Driver of HP Laptops, Says Report (bleepingcomputer.com)
An anonymous reader writes: The audio driver installed on some HP laptops includes a feature that could best be described as a keylogger, which records all the user's keystrokes and saves the information to a local file, accessible to anyone or any third-party software or malware that knows where to look. Swiss cyber-security firm modzero discovered the keylogger on April 28 and made its findings public today. According to researchers, the keylogger feature was discovered in the Conexant HD Audio Driver Package version 1.0.0.46 and earlier. This is an audio driver that is preinstalled on HP laptops. One of the files of this audio driver is MicTray64.exe (C:\windows\system32\mictray64.exe). This file is registered to start via a Scheduled Task every time the user logs into his computer. According to modzero researchers, the file "monitors all keystrokes made by the user to capture and react to functions such as microphone mute/unmute keys/hotkeys."
# ls -l C:\windows\system32\mictray64.exe
ls: cannot access 'C:windowssystem32mictray64.exe': No such file or directory
Slashdot, fix the reply notifications... You won't get away with it...
Perhaps used originally for debug, but not removed for release builds. Which would be stupidity.
Could well have been for debugging, and they forgot to take it out again.
but what debugging mode in an audio driver would require logging keystrokes?
One reason would be to replay a sequence of keystrokes to verify that a bug has been fixed.
My company has an internal app that logs input (keystrokes, mouse movements). If the program crashes, the keylog is emailed along with the stack trace to the responsible programming team. This has been a wonderful help for debugging and is WAY more useful than user descriptions of what they were doing. We can see what caused the fault, and after fixing the problem we can replay the input to verify that it is fixed. However, it only records input when this app has the focus, and users are informed that their input is being recorded.
Anything capable of reading this is capable of installing its own key logger, so.... non-story.
No, that's not been true since Vista.
Anything wanting to start with Windows and log keystrokes will need to be installed with administrator level permissions, which means a UAC prompt to the user (screen goes dark, everything except the warning message vanishes, if configured the user's password is required).
By pre-installing it HP have provided a handy way for non-privileged malware to perform keylogger functions, without the need for a privilege escalation exploit.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
"Although we did not find clear evidence that HPs intended to violate laws governing the handling of the keylogged information, there is evidence that they were extremely creless in their handling of very sensitive information."
-- James Comey
They can take my LifeAlert pendant when they pry it from my cold dead fingers.
For one of our displays, we displayed the traffic of a wireless network using a network visualization tool: https://www.youtube.com/watch?... When the kids connected to the wifi, they could see their traffic. They loved doing different things and seeing what happened.
Somebody had surreptitiously placed a surveillance tracker on a kid's phone. Every thing he did caused a burst of traffic to a remote IP. When he scrolled a screen there was a burst of traffic to that IP, When he typed a character there was a burst of traffic to that IP.. He was absolutely heartbroken when he realized what was going on. His wonderful toy instantly became a treacherous enemy. His friends all took a step back and stared at him like he had become contagious.
I didn't know how to make it better. The best I could say was: "If he is being monitored by a government, they didn't really care what he was doing." Nobody seemed reassured..