OH MAN. A SWISS SECURITY FIRM has revealed that HP has been shipping audio drivers with built-in keyloggers since 'at least' Christmas 2015.
The security firm in question is Modzero, and it has put up a blog about the whole thing. Through its examination of Windows Active Domain infrastructures, it found that HP released an update to its audio drivers in 2015 that introduced new diagnostic and debugging features to detect if a special key has been pressed.
This all sounds innocent enough, but, of course, isn't. Modzero probed further, and found that the audio driver package, developed and digitally signed by the audio chip manufacturer Conexant, has been poorly implemented, turning the driver "effectively into keylogging spyware."
It claims that, on the basis of meta-information of the files, the keylogger has already existed on HP computers since at least Christmas 2015.
If you can believe it, things get worse. Modzero's investigation reveals that the most recent version - 126.96.36.199 - logs all keystrokes to C:\Users\Public\MicTray.log, a file that any user can read.
"Although the file is overwritten after each login, the content is likely to be easily monitored by running processes or forensic tools," the security firm explains.
"If you regularly make incremental backups of your hard-drive - whether in the cloud or on an external hard-drive - a history of all keystrokes of the last few years could probably be found in your backups."
There's a ray of good news, though, as Modzero says that there's "no evidence" that this nasty keylogger has been intentionally implemented, either by HP or Conexant. Instead, the blame is more likely to lie with "negligence of the developers", which, although it makes the whole thing a little less malicious, doesn't make the software any less harmful.
Regardless, Modzero is advising that everyone who owns an HP computer should be on guard, and check whether C:\Windows\System32\MicTray64.exe or C:\Windows\System32\MicTray.exe is installed.
"We recommend that you delete or rename the executable files so that no keystrokes are recorded anymore," it advises.
"However, the special function keys on the keyboards might no longer work as expected. If a C:\Users\Public\MicTray.log file exists on the hard-drive, it should also be deleted immediately, as it can contain a lot of sensitive information such as login-information and passwords."
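For admins who'd rather script that check across a few machines, here is a PowerShell version added to this article (it is not Modzero's or HP's code). The three paths are the ones quoted above; the -Remediate switch and the ".disabled" suffix are assumptions made for the example.

```powershell
# Added example: audit for the MicTray files named in the advisory.
# Run from an elevated 64-bit PowerShell: a 32-bit host is redirected from
# System32 to SysWOW64 and would miss the executables.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical switch: rename the executables and delete the log when set.
    [switch]$Remediate
)

# Paths as given in the article.
$executables = 'C:\Windows\System32\MicTray64.exe',
               'C:\Windows\System32\MicTray.exe'
$logFile     = 'C:\Users\Public\MicTray.log'

# Collect every advisory file that actually exists on this machine.
$findings = foreach ($path in $executables + $logFile) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $item = Get-Item -LiteralPath $path -Force
        [pscustomobject]@{
            Path          = $item.FullName
            SizeBytes     = $item.Length
            LastWriteTime = $item.LastWriteTime
        }
    }
}

if (-not $findings) {
    Write-Output 'None of the MicTray files named in the advisory are present.'
    return
}
$findings | Format-Table -AutoSize

if ($Remediate) {
    # Rename rather than delete the executables so the change can be undone
    # if the special function keys stop working.
    foreach ($exe in $executables) {
        if ((Test-Path -LiteralPath $exe -PathType Leaf) -and
            $PSCmdlet.ShouldProcess($exe, 'Rename to .disabled')) {
            $newName = (Split-Path -Path $exe -Leaf) + '.disabled'
            Rename-Item -LiteralPath $exe -NewName $newName
        }
    }
    # The log may hold passwords, so it is deleted outright.
    if ((Test-Path -LiteralPath $logFile -PathType Leaf) -and
        $PSCmdlet.ShouldProcess($logFile, 'Delete keystroke log')) {
        Remove-Item -LiteralPath $logFile -Force
    }
}
```

Run it with -Remediate -WhatIf first to see what would change. Copies of the log already sitting in backups are not touched by this script.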
HP has yet to return our request for comment. µ