HP Devices Have Been Found To Contain Keylogging Software

May 13, 2017, 01:43
HP Devices Have Been Found To Contain Keylogging Software

Security researchers have discovered that a feature installed in a number of HP (Frankfurt: 7HP.F - news) laptops is recording all of the keystrokes that the laptop users make.

The researchers said that the process effectively turns the turns the audio driver into keylogging spyware. The data is stored in hexadecimal format, and is quickly converted to plain-text ASCII. If the log file doesn't exist, the audio driver's API can let malware capture the keystrokes instead.

Modzero has a list of the laptops affected, which includes some from the Elitebook, Elite, Zbook, and Probook range.

HP vice president Mike Nash provided some additional information to ZDNet late last night, saying that a fix is now available for newer 2016 and later models affected by this.

More news: Madrid Open: Andy Murray beaten by Borna Coric

Even though the file is overwritten at start-up after each login, there are ways to retrieve past versions if, for instance, you have regular backups of your HP device.

Not only that, but Modzero's investigation reveals that the most recent version - - implements the logging of all keystrokes into the file "C:\Users\Public\MicTray.log", which can be read by anyone able to access the PC.

Over the past few years, we've seen some high profile security problems with laptops from Lenovo, Samsung, and Dell.

A spokesman for HP responded to the concerns in a statement sent out to the media, in which they said: 'HP is committed to the security of its customers and we are aware of an issue on select HP PCs.

More news: Allegri backs Juventus for Champions League glory

In a blog post written by ModZero, the firm said: 'There is no evidence that this keylogger has been intentionally implemented. Hopefully now that the information is public, HP will go back and do something about it.

It is located in c:\Windows\System32\MicTray64.exe or C:\Windows\System32\MicTray.exe and can be deleted, although this may cause the special function keys on the laptop to no longer work.

Apparently the keylogger "feature" was put into the production code - presumably for debugging purposes - but should have been removed in the final release of the audio driver.

ModZero said it tried contacting HP and Conexant about the issue, but was shrugged off by HP Enterprise and flat out ignored by HP Inc. and Conexant.

More news: Trump Scientific Adviser Shakeup Could Mean More Industry Advice

HP has yet to return our request for comment.