HP Laptop!! Your Keys are at Risk

Your HP laptop may be secretly recording everything you are typing on your keyboard.

Swiss cyber-security firm modzero discovered the keylogger on May 19 2017 and made its findings public today. HP audio drivers contain a keylogger vulnerability that attackers can abuse to steal user information, because the driver keeps a log of your keystrokes on the target system.

According to modzero researchers, the keylogger feature was discovered in the Conexant HD Audio Driver Package version 1.0.0.46 and earlier. It is an audio driver that is preinstalled on HP laptops. One of the files of this audio driver is MicTray64.exe (C:\windows\system32\mictray64.exe).

This file is registered to start through a Scheduled Task every time the user logs in to the computer. According to researchers, the file “monitors all keystrokes made by the user to capture and react to functions such as microphone mute/unmute, keys/hotkeys.”

The problem is that this file writes all keystrokes to a local file at:

C:\users\public\MicTray.log

If the file doesn’t exist, or a registry key containing this file’s path does not exist or is corrupted, the audio driver will pass all keystrokes to a local API, named the OutputDebugString API.

Malicious software installed on the computer, or a person with physical access to the computer, can copy the log file and gain access to historical keystroke data, from which they can extract passwords, chat logs, visited URLs, source code, or any other sensitive data.

The researchers said they found the Conexant HD Audio Driver Package is preinstalled on 28 HP laptop models. Other hardware that uses this driver may also be affected. The affected models are listed below:

HP EliteBook 820 G3 Notebook PC
HP EliteBook 828 G3 Notebook PC
HP EliteBook 840 G3 Notebook PC
HP EliteBook 848 G3 Notebook PC
HP EliteBook 850 G3 Notebook PC
HP ProBook 640 G2 Notebook PC
HP ProBook 650 G2 Notebook PC
HP ProBook 645 G2 Notebook PC
HP ProBook 655 G2 Notebook PC
HP ProBook 450 G3 Notebook PC
HP ProBook 430 G3 Notebook PC
HP ProBook 440 G3 Notebook PC
HP ProBook 446 G3 Notebook PC
HP ProBook 470 G3 Notebook PC
HP ProBook 455 G3 Notebook PC
HP EliteBook 725 G3 Notebook PC
HP EliteBook 745 G3 Notebook PC
HP EliteBook 755 G3 Notebook PC
HP EliteBook 1030 G1 Notebook PC
HP ZBook 15u G3 Mobile Workstation
HP Elite x2 1012 G1 Tablet
HP Elite x2 1012 G1 with Travel Keyboard
HP Elite x2 1012 G1 Advanced Keyboard
HP EliteBook Folio 1040 G3 Notebook PC
HP ZBook 17 G3 Mobile Workstation
HP ZBook 15 G3 Mobile Workstation
HP ZBook Studio G3 Mobile Workstation
HP EliteBook Folio G1 Notebook PC

How to see if you are affected?

If either of the following two files exists on your system, then this keylogger is present on your PC:

  • C:\Windows\System32\MicTray64.exe
  • C:\Windows\System32\MicTray.exe

The advice is to either delete or rename the above-mentioned executable file in order to prevent the audio driver from collecting your keystrokes.

According to modzero, to check for the existence of the HP MicTray64.exe keylogger, you should follow these steps:

1. Open Task Manager and check whether a process called MicTray64.exe is running.

2. Now check whether the file C:\Users\Public\MicTray.log exists. If it exists, move this file to the Desktop.

3. Install the updated HP driver from here

4. Open the MicTray.log file on your desktop and examine the contents. If you see that login names, passwords, banking info, or any other sensitive login information has been logged, you should immediately change the passwords for the associated accounts.

Once the above steps are followed, the keylogger will be removed from your HP laptop.
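The checks above can be scripted. The following PowerShell is an added example, not code from modzero or HP: the file paths are the ones given in this article, while the function name `Test-MicTrayExposure`, its parameters and its output fields are illustrative assumptions.

```powershell
# Added example: audit a machine for the MicTray indicators named in this article.
# Read-only unless -MoveLogToDesktop is passed (step 2 of the procedure).
function Test-MicTrayExposure {
    [CmdletBinding()]
    param(
        [string]$LogPath = 'C:\Users\Public\MicTray.log',   # path from the article
        [switch]$MoveLogToDesktop
    )

    # The two executables the article lists under System32.
    $system32 = Join-Path $env:WINDIR 'System32'
    $binaries = @('MicTray64.exe', 'MicTray.exe' |
        ForEach-Object { Join-Path $system32 $_ } |
        Where-Object { Test-Path -LiteralPath $_ -PathType Leaf })

    # Step 1: the same check Task Manager would give you.
    $processes = @(Get-Process -Name 'MicTray64', 'MicTray' -ErrorAction SilentlyContinue)

    # The article says the binary is started by a Scheduled Task at logon;
    # no task name is given, so match on the executable in the task action.
    $tasks = @(Get-ScheduledTask -ErrorAction SilentlyContinue |
        Where-Object { $_.Actions | Where-Object { $_.Execute -match 'MicTray(64)?\.exe' } })

    $log = Get-Item -LiteralPath $LogPath -ErrorAction SilentlyContinue

    $result = [pscustomobject]@{
        # The article's criterion: either executable present means the keylogger is present.
        KeyloggerPresent = ($binaries.Count -gt 0)
        BinariesFound    = $binaries
        FileVersions     = @($binaries | ForEach-Object { (Get-Item -LiteralPath $_).VersionInfo.FileVersion })
        RunningPids      = @($processes | ForEach-Object { $_.Id })
        ScheduledTasks   = @($tasks | ForEach-Object { $_.TaskName })
        # A missing log does not clear the machine: per the article, keystrokes
        # are then passed to OutputDebugString instead.
        LogPresent       = [bool]$log
        LogBytes         = if ($log) { $log.Length } else { 0 }
        LogLastWrite     = if ($log) { $log.LastWriteTime } else { $null }
        LogMovedTo       = $null
    }

    if ($log -and $MoveLogToDesktop) {
        $dest = Join-Path ([Environment]::GetFolderPath('Desktop')) $log.Name
        Move-Item -LiteralPath $log.FullName -Destination $dest
        $result.LogMovedTo = $dest
    }
    $result
}

Test-MicTrayExposure | Format-List
```

Run it from the affected user's session so the Desktop path resolves to that user's profile. If the move fails because MicTray still has the log open, end the process first and run it again.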
