According to researchers, the keylogger features were discovered in the Conexant HD Audio Driver Packages version 1.0.0.46 and earlier.
This is an audio driver that is preinstalled on HP laptop. One of the file of this audio driver is MicTray64.exe (C:\windows\system32\mictray64.exe).
This file is registered to start via a Scheduled Tasks every time the user logs into his computers. According to modzero researchers, the file “monitors all keystrokes made by the user to capture and react to function such as microphone mute/unmute keys/hotkeys.”
This behavior, by itself, is not a problems, as many other apps work this way. The main problem is that this file writes all keystrokes to a local file at:
C:\users\public\MicTray.log
Audio driver also exposes keystrokes in real-time data via local API
If the file doesn’t exist or a registry key containing this file’s path does not exist or was corrupted, the audio drivers will pass all keystrokes to a local API, named the OutputDebugString API.
The danger is that malicious softwares installed on the computer, or a person with physical access to the computers, can copy the log file and have access to historical keystroke data, from where he can extract passwords, chat log, visited URLs, source code, or any other sensitive data in the PC.
Furthermore, the OutputDebugString API provides a covert channels for malware to record real-time keystrokes without using native Windows function, usually under the watchful eye of antivirus softwares.
- HP EliteBook 820 G3 Notebook PC
- HP EliteBook 828 G3 Notebook PC
- HP EliteBook 840 G3 Notebook PC
- HP EliteBook 848 G3 Notebook PC
- HP EliteBook 850 G3 Notebook PC
- HP ProBook 640 G2 Notebook PC
- HP ProBook 650 G2 Notebook PC
- HP ProBook 645 G2 Notebook PC
- HP ProBook 655 G2 Notebook PC
- HP ProBook 450 G3 Notebook PC
- HP ProBook 430 G3 Notebook PC
- HP ProBook 440 G3 Notebook PC
- HP ProBook 446 G3 Notebook PC
- HP ProBook 470 G3 Notebook PC
- HP ProBook 455 G3 Notebook PC
- HP EliteBook 725 G3 Notebook PC
- HP EliteBook 745 G3 Notebook PC
- HP EliteBook 755 G3 Notebook PC
- HP EliteBook 1030 G1 Notebook PC
- HP ZBook 15u G3 Mobile Workstation
- HP Elite x2 1012 G1 Tablet
- HP Elite x2 1012 G1 with Travel Keyboard
- HP Elite x2 1012 G1 Advanced Keyboard
- HP EliteBook Folio 1040 G3 Notebook PC
- HP ZBook 17 G3 Mobile Workstation
- HP ZBook 15 G3 Mobile Workstation
- HP ZBook Studio G3 Mobile Workstation
- HP EliteBook Folio G1 Notebook PC
HP Released an Offical Press Release about the issue and they have the given a list of devices affected by this bug and will issue a patch soon.
Take your time to comment on this article.
