Header Ads

Home Internet Beware! Built-in Keylogger Discovered In Several HP Laptop Models

Beware! Built-in Keylogger Discovered In Several HP Laptop Models

Friday, May 12, 2017
Do you own a Hewlett-Packard (HP) laptop?  

Yes? Just stop whatever you are doing on your PC right now.

Your HP laptop may be silently recording everything you are typing on your keyboard.


While examining Windows Active Domain infrastructures, security researchers from the Switzerland-based security firm Modzero have discovered a built-in keylogger in an HP audio driver that spy on your all keystrokes.

HP, a well-known brand of computers, now has a new problem at hand. It has been discovered that the audio driver of your machines has a keylogger installed and the collected data can be easily stolen.


Depending upon the computer model, HP also embeds some code inside the audio drivers delivered by Conexant that controls the special keys, such as Media keys offers on the keypad.

The HP Keylogger

This keylogger is present in an audio driver that comes with HP computers and is intended to detect if one of the keys associated with audio control has been clicked. It would not be a problem if these logs were not being saved to a file easily accessible in Windows.
Malware created to exploit this vulnerability could quickly access user-entered data, including access data to any service and its passwords.

According to researchers, the flawed code (CVE-2017-8360) written by HP was poorly implemented, that not just captures the special keys but also records every single key-press and store them in a human-readable file.

This log file, which is located at the public folder C:\Users\Public\MicTray.log, contains a lot of sensitive information like users' login data and passwords, which is accessible to any user or 3rd party applications installed on the computer.

Therefore, a malware installed on or even a person with physical access to a PC can copy the log file and have access to all your keystrokes, extracting your sensitive data such as bank details, passwords, chat logs, and source code.

"So what's the point of a keylogger in an audio driver? Does HP deliver pre-installed spyware? Is HP itself a victim of a backdoored software that third-party vendors have developed on behalf of HP?" Modzero researchers question HP.
In 2015, this keylogging feature was introduced as a new diagnostic feature with an update version 1.0.0.46 for HP audio drivers and existed on nearly 30 different HP Windows PC models shipped since then.
Affected models include PCs from the HP Elitebook 800 series, the EliteBook Folio G1, HP ProBook 600 and 400 series, and many others. You can find a full list of affected HP PC models in the Modzero's security advisory.

Researchers also warned that "probably other hardware vendors, shipping Conexant hardware and drivers" may also be affected.


How to Check if You are Affected and Prevent Yourself

 

   If any of these two following files exist in your system, then this keylogger is present on your PC:

  • C:\Windows\System32\MicTray64.exe
  • C:\Windows\System32\MicTray.exe
If any of the above files exist, Modzero advises that you should either delete or rename the above-mentioned executable file in order to prevent the audio driver from collecting your keystrokes.
"Although the file is overwritten after each login, the content is likely to be easily monitored by running processes or forensic tools," researchers warned. "If you regularly make incremental backups of your hard-drive - whether in the cloud or on an external hard-drive – a history of all keystrokes of the last few years could probably be found in your backups."
Also, if you make regular backups of your hard drive that include the Public folder, the keylogging file in question may also exist there with your sensitive data in plain text for anyone to see. So, wipe that as well.

Source:- THN.com & TechViral.net

 

   
Tags :

No comments:

Subscribe to: Post Comments ( Atom )
Powered by Blogger.