Friday 15 December 2017

HP Laptops Hidden Keylogger Surveillance Software a Security Risk for Laptop Users

HP Laptops Hidden Keylogger Surveillance Software Update:

Do you own a Hewlett-Packard (HP) laptop?

Yes? Just stop whatever you are doing and listen carefully:

Your HP laptop may be silently recording everything you are typing on your keyboard.

HP is reported to have issued patches for 450+ commercial workstations, consumer laptops and other HP products after a keylogger was found hidden in a driver.

While examining Windows Active Domain infrastructures, security researchers from the Switzerland-based security firm Modzero discovered a built-in keylogger in an HP audio driver that spies on all your keystrokes.



Security researcher Michael Myng found the keylogging code in software drivers preinstalled on HP laptops to make the keyboard work.

What Is A Keylogger?

As the name suggests, a keylogger (or keystroke logger) usually refers to covert spying or monitoring software that tracks every key you strike on your keyboard. This software is usually employed with malicious intent, e.g. to collect account information, credit card numbers, usernames, passwords, and other private data.

HP computers come with audio chips developed by Conexant, a manufacturer of integrated circuits, which also develops drivers for its audio chips. Dubbed the Conexant High-Definition (HD) Audio Driver, the driver helps the software communicate with the hardware.

Depending on the computer model, HP also embeds some code inside the audio drivers delivered by Conexant to control the special keys, such as the media keys offered on the keypad.

Keylogger Found Pre-Installed in HP Audio Driver

According to the researchers, the flawed code (CVE-2017-8360) written by HP was poorly implemented: it not only captures the special keys but also records every single key press and stores them in a human-readable file.

This log file, located in the public folder at C:\Users\Public\MicTray.log, contains a lot of sensitive information such as users' login data and passwords, and it is accessible to any user or third-party application installed on the computer.

Therefore, malware installed on the PC, or even a person with physical access to it, can copy the log file and gain access to all your keystrokes, extracting sensitive data such as bank details, passwords, chat logs, and source code.

Modzero researchers question HP:
"So what's the point of a keylogger in an audio driver? Does HP deliver pre-installed spyware? Is HP itself a victim of a backdoored software that third-party vendors have developed on behalf of HP?"
In 2015, this keylogging feature was introduced as a new diagnostic feature with update version 1.0.0.46 for HP audio drivers, and it has existed on nearly 30 different HP Windows PC models shipped since then.

The keylogger issue affects laptops in the EliteBook, ProBook, Pavilion and Envy ranges, among others. HP has issued a full list of affected devices, dating back to 2012.
In a statement, the company said:
"HP uses Synaptics' touchpads in some of its mobile PCs and has worked with Synaptics to provide fixes to their error for impacted HP systems, available via the security bulletin on HP.com."
How to Check Whether You Are Affected by the HP Keylogger and Protect Yourself

If either of the following two files exists on your system, then this keylogger is present on your PC:
  • C:\Windows\System32\MicTray64.exe
  • C:\Windows\System32\MicTray.exe
If either of the above files exists, Modzero advises that you delete or rename the executable to prevent the audio driver from collecting your keystrokes.
Researchers warned:
"Although the file is overwritten after each login, the content is likely to be easily monitored by running processes or forensic tools."
"If you regularly make incremental backups of your hard-drive - whether in the cloud or on an external hard-drive – a history of all keystrokes of the last few years could probably be found in your backups."
Also, if you make regular backups of your hard drive that include the Public folder, the keylogging file in question may also exist there with your sensitive data in plain text for anyone to see. So, wipe that as well.
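
The check and the rename advice above, written as a PowerShell script. This is an added example, not code from Modzero or HP; the `-Remediate` switch, the `.disabled` suffix and the assumption that the running process is named after the executable are choices made for this example.

```powershell
# Added example. File paths come from the article; everything else is an
# assumption of this script. Run from an elevated 64-bit PowerShell: a 32-bit
# host on 64-bit Windows has System32 redirected to SysWOW64 and would miss
# the files.
[CmdletBinding(SupportsShouldProcess)]
param([switch]$Remediate)

$executables = @(
    'C:\Windows\System32\MicTray64.exe',
    'C:\Windows\System32\MicTray.exe'
)
$logFile = 'C:\Users\Public\MicTray.log'

# 1. Look for the two executables named in the article.
$found = @()
foreach ($path in $executables) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $item = Get-Item -LiteralPath $path
        $found += $item
        Write-Warning "Found $path (file version $($item.VersionInfo.FileVersion))"
    }
}

# 2. Look for the keystroke log, reporting size and age without reading it.
$log = $null
if (Test-Path -LiteralPath $logFile -PathType Leaf) {
    $log = Get-Item -LiteralPath $logFile
    Write-Warning "Found $logFile ($($log.Length) bytes, last written $($log.LastWriteTime))"
}

if (-not $found -and -not $log) {
    Write-Output 'Neither MicTray executable nor MicTray.log is present.'
    return
}

# 3. Optional: rename the executables, as Modzero advises, and delete the log.
if ($Remediate) {
    # Assumption: the process name matches the executable name.
    Get-Process -Name 'MicTray64', 'MicTray' -ErrorAction SilentlyContinue |
        Stop-Process -Force
    foreach ($item in $found) {
        Rename-Item -LiteralPath $item.FullName -NewName ($item.Name + '.disabled')
    }
    if ($log) { Remove-Item -LiteralPath $logFile -Force }
}
```

Run it without arguments to only report; add `-Remediate -WhatIf` to preview the changes before applying them. Copies of the log inside existing backups are not touched and still need to be removed separately.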

Source: Mehran Post
