In and of itself, maybe a case of blowing out of proportion. But looking at the potential for misuse/abuse, this *could* become something serious :(
On Thu, May 11, 2017 at 1:33 PM, Susan E Bradley <sbrad...@pacbell.net> wrote: > https://community.spiceworks.com/topic/1993834-keylogger- > in-hp-audio-driver > > " > > Edit: however, after reading the original article.. holy mother of blowing > this out of proportion... good grief lol. So the purpose of the keylogging > functionality in the actual driver is because many/most HP computers that > use the driver have Conexant audio chips embedded, and that component of > the driver is used to catch/register the function keys on the device that > are used to modify sound volume etc. > > So while the driver does technically read all keystrokes, it is not > actually supposed save any of them to any file except under specific > circumstances. The file is blank intentionally, and used for the sake of > diagnostic debugging only, supposedly. The purpose being that many HP > notebooks use this for microphone, volume, and even recording LED controls > all built into the driver, and the driver needs to know if any of the > applicable special keys or key combinations are pressed. The capability to > read and write all keystrokes is supposedly a debugging and diagnostic > feature only, that can only be called if the driver is placed into > diagnostic or debugging mode. The driver file mentioned is designed to be > automatically rewritten blank on every restart. > > The newest version or two of the driver however, does apparently write the > keystrokes more liberally, and drops the output of keystrokes in an > insecure API if the file is locked or deleted, which is a far greater > problem to me, although all of those issues would require someone accessing > the computer directly to make use of the information. Apparently, the > functionality of capturing keystrokes is also extremely common, but > outputting the data to a file for diagnostic or debugging purposes is new > and (I concur) may not be a particularly wise implementation if the > keystroke data is written anywhere except when in debug mode." > > On 5/11/2017 10:05 AM, Mike wrote: > > The Conexant software must be present on other laptops in the OEM image. I > wonder if this is HP specific somehow or if other manufacturers have the > same issue. > > On Thu, May 11, 2017 at 10:08 AM, Micheal Espinola Jr < > michealespin...@gmail.com> wrote: > >> https://www.bleepingcomputer.com/news/security/keylogger-fou >> nd-in-audio-driver-of-hp-laptops/ >> >> According to researchers, the keylogger feature was discovered in the >>> Conexant HD Audio Driver Package version 1.0.0.46 and earlier. >>> >> >> >> This is an audio driver that is preinstalled on HP laptops. One of the >>> files of this audio driver is MicTray64.exe (C:\windows\system32\mictray64 >>> .exe). >>> >> >> >> This file is registered to start via a Scheduled Task every time the user >>> logs into his computer. According to modzero researchers, the file >>> "monitors all keystrokes made by the user to capture and react to functions >>> such as microphone mute/unmute keys/hotkeys." >>> >> >> >> *This behavior, by itself, is not a problem, as many other apps work this >>> way. The problem is that this file writes all keystrokes to a local file >>> at:* >> >> >>> *C:\users\public\MicTray.log* >> >> >> -- >> Espi >> >> > > >
