Some HP portable PCs are evidently recording all that you write, including usernames and passwords, individual data as indicated by Switzerland based cybersecurity firm, Modzero. In the event that you suspected that this imperfection was engineered by the programmers, then you are incorrect?
The offender being referred to here is the sound driver preinstalled on a few HP tablets that contain a keylogger that records the majority of a client’s keystrokes.
The sound drivers were found in HP portable PCs bundled and conveyed by the organization since at any rate Christmas 2015.
The keylogger that was first discovered by Modzero in Conexant HD Audio Driver Package versions 22.214.171.124 and earlier, on April 28 was publicly disclosed on Thursday.
All in all, what is the reason for the issue? Evidently, there is a record called “MicTray64.exe” that comes preinstalled inside the sound driver on a few models of HP tablets. Each time when a client sign into their PC, the executable begins and “screens all keystrokes made by the client.” For example, keystrokes for activities, for example, quieting/unmuting the mouthpiece is caught by the sound driver. Be that as it may, this procedure accidentally forms everything and after that composes it to a decoded log document.
Despite the fact that the record is overwritten at start-up after each login, there are approaches to recover past adaptations if, for example, you have customary reinforcements of your HP gadget. The later form (126.96.36.199) makes a log document of all the key presses at C:\Users\Public\MicTray.log. On the off chance that you discover this log document existing in your C drive, then please have it erased quickly, says the firm.
What Next ?
Further, the firm has recommended the HP users that if they find the program C:\Windows\System32\MicTray64.exe or C:\Windows\System32\MicTray.exe installed in their computers to have it deleted or rename the executable to stop further recording of the keystrokes. However, by doing this, may disable special key function but that’s a fair trade-off IMO.
Modzero believes that there “is no evidence that this keylogger has been intentionally implemented,” adding that “it is [obviously]a negligence of the developers.”
The potential exploit is present on most Windows 7 and Windows 10 systems, according to Modzero. There are 28 HP laptops that have been confirmed to use the Conexant HD audio driver package that contains the MicTray64.exe file, and other manufacturers that use the same audio driver may also be at risk.
Since HP Enterprise refused to take any responsibility, nor did Conexant respond to the inquiries made by Modzero, the cybersecurity firm decided to go ahead and disclose the findings to the public in accordance with their Responsible Disclosure process.
After the revelation, HP has begun taking off patches to expel the keylogger, which will likewise erase the log record containing the keystrokes, reports ZDNet.
In a concise proclamation, a representative for HP stated: “HP is focused on the security and protection of its clients and we know about the keylogger issue on select HP PCs. HP has no entrance to client information subsequently of this issue.”