'Keylogger' found on several HP laptops

starbuck

A security researcher says an audio driver is recording every keystroke entered, accessible to any person or malware that knows where to look.


An audio driver installed in several HP laptops contains a keylogger-type feature that records every keystroke entered into the computer into a log file, according to a security researcher.

Swiss security firm Modzero said in a security advisory posted Thursday that the keylogger activity was discovered in the Conexant HD audio driver package (version 1.0.0.46 and earlier), found on dozens of HP business and enterprise laptop models, including HP EliteBook, ProBook, and ZBook models -- including the latest Folio G1 laptop.

Anyone (or malware) with local access to the user's files on an affected computer could obtain passwords, visited web addresses, private messages, and other sensitive information.

It's not known if HP's consumer laptops or if any other manufacturers are affected, however.

The pre-installed audio driver installs a driver located in the Windows system folder, which is scheduled to start every time the user logs in.
Modzero describes the application as a crude way to check to see if a hotkey was pressed by monitoring "all keystrokes made by the user to capture and react to functions such as microphone mute/unmute keys/hotkey."

The application then logs each keystroke into an unencrypted log file stored in the user's home directory.
The log file is overwritten every time the user logs in.

In the case that a log file doesn't exist, Modzero says that the driver's API can allow malware to "silently capture sensitive data by capturing the user's keystrokes."

Here's what it looks like (the keystrokes are stored in hexadecimal code):

[Screenshot: contents of the log file, with keystrokes shown as hexadecimal codes]


We weren't immediately able to confirm the findings, but a security researcher (who wanted to remain nameless) confirmed the findings of the advisory in a message to ZDNet.

Modzero said that deleting the "MicTray64.exe" application should mitigate the issue for now.

When reached, an HP spokesperson did not immediately comment, but we will update when we hear back.
Conexant did not respond to a request for comment at the time of writing.


Source:
http://www.zdnet.com/article/keylogger-found-on-several-hp-laptops/#ftag=RSSbaffb68
 