https://community.spiceworks.com/topic/1993834-keylogger-in-hp-audio-driver
"
Edit: however, after reading the original article.. holy mother of
blowing this out of proportion... good grief lol. So the purpose of the
keylogging functionality in the actual driver is because many/most HP
computers that use the driver have Conexant audio chips embedded, and
that component of the driver is used to catch/register the function keys
on the device that are used to modify sound volume etc.
So while the driver does technically read all keystrokes, it is not
actually supposed save any of them to any file except under specific
circumstances. The file is blank intentionally, and used for the sake of
diagnostic debugging only, supposedly. The purpose being that many HP
notebooks use this for microphone, volume, and even recording LED
controls all built into the driver, and the driver needs to know if any
of the applicable special keys or key combinations are pressed. The
capability to read and write all keystrokes is supposedly a debugging
and diagnostic feature only, that can only be called if the driver is
placed into diagnostic or debugging mode. The driver file mentioned is
designed to be automatically rewritten blank on every restart.
The newest version or two of the driver however, does apparently write
the keystrokes more liberally, and drops the output of keystrokes in an
insecure API if the file is locked or deleted, which is a far greater
problem to me, although all of those issues would require someone
accessing the computer directly to make use of the information.
Apparently, the functionality of capturing keystrokes is also extremely
common, but outputting the data to a file for diagnostic or debugging
purposes is new and (I concur) may not be a particularly wise
implementation if the keystroke data is written anywhere except when in
debug mode."
On 5/11/2017 10:05 AM, Mike wrote:
The Conexant software must be present on other laptops in the OEM
image. I wonder if this is HP specific somehow or if other
manufacturers have the same issue.
On Thu, May 11, 2017 at 10:08 AM, Micheal Espinola Jr
<michealespin...@gmail.com <mailto:michealespin...@gmail.com>> wrote:
https://www.bleepingcomputer.com/news/security/keylogger-found-in-audio-driver-of-hp-laptops/
<https://www.bleepingcomputer.com/news/security/keylogger-found-in-audio-driver-of-hp-laptops/>
According to researchers, the keylogger feature was discovered
in the Conexant HD Audio Driver Package version 1.0.0.46 and
earlier.
This is an audio driver that is preinstalled on HP laptops.
One of the files of this audio driver is MicTray64.exe
(C:\windows\system32\mictray64.exe).
This file is registered to start via a Scheduled Task every
time the user logs into his computer. According to modzero
researchers, the file "monitors all keystrokes made by the
user to capture and react to functions such as microphone
mute/unmute keys/hotkeys."
*This behavior, by itself, is not a problem, as many other
apps work this way. The problem is that this file writes all
keystrokes to a local file at:*
*
*
*C:\users\public\MicTray.log*
--
Espi
