A security vulnerability was discovered in the audio driver installed on some HP laptops that includes a feature that could best be described as a keylogger, which records all the user's keystrokes and saves the information to a local file, accessible to anyone or any third-party software or malware that knows where to look.
The discovery of the keylogger was made by a Swiss cyber-security firm Modzero on April 28.
However, in a swift reaction, HP has issued an update to remove a keylogging mechanism found in the audio drivers included with some of its high-end laptops.
HP Vice President Mike Nash told Axios — a tech news site — that his company had released an update to the maligned audio drivers last night.
The updates will reach users via Windows Update, with updates for 2016 laptop models going live last night, and updates for 2015 laptop models going live today.
If users can't wait, or they want to review the update package, the file is here, and an HP driver update summary is here.
Beepingcomputers made an extensive review of how the keylogger works, and the risks it pose.
The HP keylogger scandal came to light yesterday after Swiss cyber-security firm modezero discovered that the Conexant HD Audio Driver Package preinstalled on 28 HP laptop models came with a file called MicTray64.exe that logged all the user's keystrokes to a local file.
This log file was never sent to HP or Conexant, but its mere presence on users' computers was an issue, as malware or any other person could copy the file and extract passwords or online chats from that file.
That particular audio driver was only installed on 28 laptop models that HP had been selling since late 2015.
Nash says the keylogger feature was only debugging code that was mistakenly left inside the driver package by the Conexant team.
The HP update not only removes the driver's keylogger capabilities, but also the log file where these keystrokes were saved. Users that have backups should take great care not to restore an older version of this log file, normally stored at "C:\Users\Public\MicTray.log".
Modzero researchers said they found the Conexant HD Audio Driver Package preinstalled on 28 HP laptop models. Other hardware that uses this driver may also be affected, but investigators haven't officially confirmed that the issue affects other manufacturers.
HP EliteBook 820 G3 Notebook PC
HP EliteBook 828 G3 Notebook PC
HP EliteBook 840 G3 Notebook PC
HP EliteBook 848 G3 Notebook PC
HP EliteBook 850 G3 Notebook PC
HP ProBook 640 G2 Notebook PC
HP ProBook 650 G2 Notebook PC
HP ProBook 645 G2 Notebook PC
HP ProBook 655 G2 Notebook PC
HP ProBook 450 G3 Notebook PC
HP ProBook 430 G3 Notebook PC
HP ProBook 440 G3 Notebook PC
HP ProBook 446 G3 Notebook PC
HP ProBook 470 G3 Notebook PC
HP ProBook 455 G3 Notebook PC
HP EliteBook 725 G3 Notebook PC
HP EliteBook 745 G3 Notebook PC
HP EliteBook 755 G3 Notebook PC
HP EliteBook 1030 G1 Notebook PC
HP ZBook 15u G3 Mobile Workstation
HP Elite x2 1012 G1 Tablet
HP Elite x2 1012 G1 with Travel Keyboard
HP Elite x2 1012 G1 Advanced Keyboard
HP EliteBook Folio 1040 G3 Notebook PC
HP ZBook 17 G3 Mobile Workstation
HP ZBook 15 G3 Mobile Workstation
HP ZBook Studio G3 Mobile Workstation
HP EliteBook Folio G1 Notebook PC
The discovery of the keylogger was made by a Swiss cyber-security firm Modzero on April 28.
However, in a swift reaction, HP has issued an update to remove a keylogging mechanism found in the audio drivers included with some of its high-end laptops.
The updates will reach users via Windows Update, with updates for 2016 laptop models going live last night, and updates for 2015 laptop models going live today.
If users can't wait, or they want to review the update package, the file is here, and an HP driver update summary is here.
Beepingcomputers made an extensive review of how the keylogger works, and the risks it pose.
Keylogger found on HP laptops sold since late 2015
The HP keylogger scandal came to light yesterday after Swiss cyber-security firm modezero discovered that the Conexant HD Audio Driver Package preinstalled on 28 HP laptop models came with a file called MicTray64.exe that logged all the user's keystrokes to a local file.
This log file was never sent to HP or Conexant, but its mere presence on users' computers was an issue, as malware or any other person could copy the file and extract passwords or online chats from that file.
That particular audio driver was only installed on 28 laptop models that HP had been selling since late 2015.
HP Reacts: Keylogger feature was just debugging code
Nash says the keylogger feature was only debugging code that was mistakenly left inside the driver package by the Conexant team.
The HP update not only removes the driver's keylogger capabilities, but also the log file where these keystrokes were saved. Users that have backups should take great care not to restore an older version of this log file, normally stored at "C:\Users\Public\MicTray.log".
Keylogger feature confirmed in HP laptops
Modzero researchers said they found the Conexant HD Audio Driver Package preinstalled on 28 HP laptop models. Other hardware that uses this driver may also be affected, but investigators haven't officially confirmed that the issue affects other manufacturers.
HP EliteBook 820 G3 Notebook PC
HP EliteBook 828 G3 Notebook PC
HP EliteBook 840 G3 Notebook PC
HP EliteBook 848 G3 Notebook PC
HP EliteBook 850 G3 Notebook PC
HP ProBook 640 G2 Notebook PC
HP ProBook 650 G2 Notebook PC
HP ProBook 645 G2 Notebook PC
HP ProBook 655 G2 Notebook PC
HP ProBook 450 G3 Notebook PC
HP ProBook 430 G3 Notebook PC
HP ProBook 440 G3 Notebook PC
HP ProBook 446 G3 Notebook PC
HP ProBook 470 G3 Notebook PC
HP ProBook 455 G3 Notebook PC
HP EliteBook 725 G3 Notebook PC
HP EliteBook 745 G3 Notebook PC
HP EliteBook 755 G3 Notebook PC
HP EliteBook 1030 G1 Notebook PC
HP ZBook 15u G3 Mobile Workstation
HP Elite x2 1012 G1 Tablet
HP Elite x2 1012 G1 with Travel Keyboard
HP Elite x2 1012 G1 Advanced Keyboard
HP EliteBook Folio 1040 G3 Notebook PC
HP ZBook 17 G3 Mobile Workstation
HP ZBook 15 G3 Mobile Workstation
HP ZBook Studio G3 Mobile Workstation
HP EliteBook Folio G1 Notebook PC
