
UIU Blog

HP Laptop Keylogger

The problem

An audio driver, supplied by Conexant for HP, may be covertly logging user keystrokes, creating a security issue.

The driver software apparently monitors every keystroke a user makes due to a "debugging" section of code that was not removed prior to market release. The devices then store the keystrokes in a file, unencrypted, on the hard drive.

The audio driver provided by Conexant logs all keystrokes to a file or prints them to the system debug log, where the data, including user credentials, could be easily accessible.

HP reports that "a potential security vulnerability caused by a local debugging capability that was not disabled prior to product launch has been identified with certain versions of Conexant HD Audio Drivers on HP products. HP has no access to customer data as a result of this issue."

HP further asserts that the keylogger in question does not appear to be malicious. "There’s no evidence that the keylogger actually does anything with the keystrokes it captures beyond saving them to your PC."

Impacted HP products are shown in the table at this link: HP Support Communication - Security Bulletin: Conexant HD Audio Driver Local Debug Log

More resources: Ars Technica article: HP laptops covertly log user keystrokes, researchers warn


How to Check if Your HP Laptop Has the Conexant Keylogger

HP laptops released in 2015 and 2016

Navigate to C:\Users\Public\ and see if you have a MicTray.log file. Double-click it to view the contents. If you see information about your keystrokes, you have the problem driver installed.

If you do see data in this file, you’ll want to delete the MicTray.log file from any system backups it may be a part of to ensure the records of your keystrokes are erased. You should also delete the MicTray.log file locally to erase the record of your keystrokes.

"To check whether this is happening, download and run Microsoft’s DebugView application (DebugView v4.81). Look at the DebugView application and press some keys on your keyboard. If the Conexant audio driver is capturing keystrokes and printing them as debug messages, you’ll see many “Mic target” lines, each with a scancode. If you don’t see a MicTray.log file with keystrokes in it and you don’t have any “Mic target” output visible in DebugView, congratulations. Your system does not have the buggy audio driver software installed and running."

How-To Geek article: How to Check if Your HP Laptop Has the Conexant Keylogger
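The file and process checks described in this post can be run across several machines with a short read-only PowerShell script. This is an added example, not code from HP, Conexant or the articles cited here; the function name Get-MicTrayStatus is hypothetical, and the script reports only file metadata so that any captured keystrokes are not echoed to the console.

```powershell
# Added example: read-only check for the indicators this post describes.
# Nothing is deleted or stopped, and the log content is never printed.
$logPath   = 'C:\Users\Public\MicTray.log'   # location given in the post
$procNames = 'MicTray', 'MicTray64'          # MicTray.exe / MicTray64.exe

function Get-MicTrayStatus {                 # hypothetical helper name
    param(
        [string]$Path = $logPath,
        [string[]]$Names = $procNames
    )
    # -Force so the file is found even if it carries the hidden attribute
    $log   = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    $procs = @(Get-Process -Name $Names -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        LogPresent   = [bool]$log
        LogBytes     = if ($log) { $log.Length } else { 0 }
        LogLastWrite = if ($log) { $log.LastWriteTime } else { $null }
        Running      = $procs.Count -gt 0
        # Path can be empty when the process belongs to another session
        ProcessPaths = @($procs | ForEach-Object { $_.Path } |
                         Where-Object { $_ } | Sort-Object -Unique)
    }
}

$status = Get-MicTrayStatus
$status | Format-List

if ($status.LogPresent -and $status.LogBytes -gt 0) {
    Write-Warning "MicTray.log is present and not empty. Review it, then remove it locally and from backups."
} elseif ($status.LogPresent) {
    Write-Warning "MicTray.log is present but empty. Keystrokes may still go to debug output; check with DebugView."
}
if ($status.Running) {
    Write-Warning "MicTray is running from: $($status.ProcessPaths -join ', ')"
}
if (-not $status.LogPresent -and -not $status.Running) {
    Write-Output "No MicTray.log and no MicTray process found. Confirm with DebugView as described above."
}
```

A clean result here does not replace the DebugView test, because the driver can print keystrokes to the debug log without writing the file.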


FIX

HP has provided software updates for Conexant HD Audio Drivers: HP Support Communication - Security Bulletin: Conexant HD Audio Driver Local Debug Log

If the fix hasn’t been released yet, or you can’t run Windows Update for some reason, you can remove the software that causes the problem. You will need to locate MicTray64.exe or MicTray.exe in Task Manager, right-click it, and select “End Task”. Then delete the MicTray.exe or MicTray64.exe file. This may inhibit some media function keys on your keyboard.


When will Big Bang release a new UIU Driver Database?

(As of May 18, 2017)


UIU Support has acquired the repaired drivers for all available UIU-supported operating systems and is testing a new database release at this time. This is our top priority; please contact us if you'd like notice immediately upon release of this update.


