HP Laptops Found with Keylogger Built Into Audio Driver
-
@scotth said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scotth said in HP Laptops Found with Keylogger Built Into Audio Driver:
@momurda No. Zero byte file at this time. I haven't checked alternative streams yet.
Interesting. While attempting to open the file, I get denied access due to another process.
Edit: It's currently marked as readonly and hidden.
The executable will delete it and recreate it though.
-
Math is probably wrong, but
football23
10 chars password
36 possibilities per character space only using lowercase letters and numbers
36^10 possibilities roundabout.
3,656,158,440,062,976
If you do 100MillionHashes/second,
365,615,644 seconds or 101,559 hours or 4231 days or 11.5 years
But since football is in the dictionary it is likely much easier if your algorithm does dictionary before trying random strings. Either way, it is much easier to do if you're recording keystrokes.
@scotth Can you undo the read only bit and reboot that laptop see what happens?
-
@momurda It would take about a single day for the average computer to brute force that password.
-
@momurda Not right now. I may play around with it tonight. Comodo has a crazy task manager that I'll run on it tonight
-
@momurda said in HP Laptops Found with Keylogger Built Into Audio Driver:
But since football is in the dictionary it is likely much easier if your algorithm does dictionary before trying random strings. Either way, it is much easier to do if you're recording keystrokes.
Yep, dictionary word = not even bothering with brute forcing.
-
@DustinB3403 said in HP Laptops Found with Keylogger Built Into Audio Driver:
@momurda It would take about a single day for the average computer to brute force that password.
What if the authentication back-end implemented a lockout or throttling policy? Like after X attempts the account is locked out and/or authentication responses are delayed by X time?
-
@anthonyh said in HP Laptops Found with Keylogger Built Into Audio Driver:
@DustinB3403 said in HP Laptops Found with Keylogger Built Into Audio Driver:
@momurda It would take about a single day for the average computer to brute force that password.
What if the authentication back-end implemented a lockout or throttling policy? Like after X attempts the account is locked out and/or authentication responses are delayed by X time?
That's great so long as it's not an offline attack. IE: Do you know who's seen your salt?
-
@travisdh1 said in HP Laptops Found with Keylogger Built Into Audio Driver:
@anthonyh said in HP Laptops Found with Keylogger Built Into Audio Driver:
@DustinB3403 said in HP Laptops Found with Keylogger Built Into Audio Driver:
@momurda It would take about a single day for the average computer to brute force that password.
What if the authentication back-end implemented a lockout or throttling policy? Like after X attempts the account is locked out and/or authentication responses are delayed by X time?
That's great so long as it's not an offline attack. IE: Do you know who's seen your salt?
That makes sense.
-
Last night, I fired up KillSwitch (Comodo Task Manager on Steroids), killed the process - MicTray_64.exe (can't really remember) and the log file was released for editing / viewing.
Sneaky.
-
So I have a Spectre 360 and it has the MicTray64.exe, associated process, and the logfile in C:\Users\Public\MicTray.log. The log file is zero bytes though and appears to be empty. I'm wondering if it isn't logging, or if the list of affected machines is longer than officially announced.
-
@Kelly said in HP Laptops Found with Keylogger Built Into Audio Driver:
So I have a Spectre 360 and it has the MicTray64.exe, associated process, and the logfile in C:\Users\Public\MicTray.log. The log file is zero bytes though and appears to be empty. I'm wondering if it isn't logging, or if the list of affected machines is longer than officially announced.
The driver is Conexant via whomever its hardware ends up on.
-
@scotth said in HP Laptops Found with Keylogger Built Into Audio Driver:
@Kelly said in HP Laptops Found with Keylogger Built Into Audio Driver:
So I have a Spectre 360 and it has the MicTray64.exe, associated process, and the logfile in C:\Users\Public\MicTray.log. The log file is zero bytes though and appears to be empty. I'm wondering if it isn't logging, or if the list of affected machines is longer than officially announced.
The driver is Conexant via whomever its hardware ends up on.
Does that mean that other vendors might have this too? I mean, it might, that we know. But why has only HP been discovered thus far? Is it an HP version of the driver? Is it HP unique hardware?
-
@StrongBad said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scotth said in HP Laptops Found with Keylogger Built Into Audio Driver:
@Kelly said in HP Laptops Found with Keylogger Built Into Audio Driver:
So I have a Spectre 360 and it has the MicTray64.exe, associated process, and the logfile in C:\Users\Public\MicTray.log. The log file is zero bytes though and appears to be empty. I'm wondering if it isn't logging, or if the list of affected machines is longer than officially announced.
The driver is Conexant via whomever its hardware ends up on.
Does that mean that other vendors might have this too? I mean, it might, that we know. But why has only HP been discovered thus far? Is it an HP version of the driver? Is it HP unique hardware?
In all honesty, I don't know. But I wouldn't be surprised if it ended up on a bunch of OEM branded equipment. I'm guessing that HP's just got found out 1st.
-
I'm surprised that every vendor isn't being checked, it could be everywhere, in theory.
-
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
I'm surprised that every vendor isn't being checked, it could be everywhere, in theory.
Agreed. I can't imagine this is limited to only HP. They aren't the only ones using Conexant for audio.
-
@anthonyh said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
I'm surprised that every vendor isn't being checked, it could be everywhere, in theory.
Agreed. I can't imagine this is limited to only HP. They aren't the only ones using Conexant for audio.
Right so.... who else is affected?
-
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
@anthonyh said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
I'm surprised that every vendor isn't being checked, it could be everywhere, in theory.
Agreed. I can't imagine this is limited to only HP. They aren't the only ones using Conexant for audio.
Right so.... who else is affected?
It might be limited to that set. I have stopped the mictray.exe service, deleted the log file referenced, and restarted it. The log file is still empty.
-
@Kelly said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
@anthonyh said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
I'm surprised that every vendor isn't being checked, it could be everywhere, in theory.
Agreed. I can't imagine this is limited to only HP. They aren't the only ones using Conexant for audio.
Right so.... who else is affected?
It might be limited to that set. I have stopped the mictray.exe service, deleted the log file referenced, and restarted it. The log file is still empty.
Did it re-create the log file? Even if nothing is in it, that doesn't inspire confidence in the patch!
-
@travisdh1 said in HP Laptops Found with Keylogger Built Into Audio Driver:
@Kelly said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
@anthonyh said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
I'm surprised that every vendor isn't being checked, it could be everywhere, in theory.
Agreed. I can't imagine this is limited to only HP. They aren't the only ones using Conexant for audio.
Right so.... who else is affected?
It might be limited to that set. I have stopped the mictray.exe service, deleted the log file referenced, and restarted it. The log file is still empty.
Did it re-create the log file? Even if nothing is in it, that doesn't inspire confidence in the patch!
A blank log file today could be used to reduce suspicion of a full one tomorrow.
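
The checks posters describe in this thread (log size, hidden/read-only attributes, alternate data streams, whether another process holds the file open), collected as an added PowerShell example that is not from any poster or from HP/Conexant. The function name `Get-MicTrayStatus` is hypothetical; the path and process name are the ones quoted in the posts above.

```powershell
# Added example: inspect the artifacts named in the thread on the local host.
$LogPath  = 'C:\Users\Public\MicTray.log'   # path quoted in the thread
$ProcName = 'MicTray64'                     # Get-Process takes the name without ".exe"

function Get-MicTrayStatus {                # hypothetical helper name
    param(
        [string]$Path = $LogPath,
        [string]$ProcessName = $ProcName
    )

    # -Force is needed because the thread reports the file as hidden.
    $file = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    $proc = Get-Process -Name $ProcessName -ErrorAction SilentlyContinue

    $streams  = @()
    $heldOpen = $false
    if ($file) {
        # A zero-byte main stream says nothing about alternate data streams,
        # so list every NTFS stream with its length.
        $streams = @(Get-Item -LiteralPath $Path -Force -Stream * -ErrorAction SilentlyContinue |
            Select-Object Stream, Length)

        # Request an exclusive read handle; a sharing violation (IOException)
        # means another process still has the file open.
        try {
            $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'None')
            $fs.Close()
        } catch [System.IO.IOException] {
            $heldOpen = $true
        } catch {
            $heldOpen = $null               # unknown, e.g. denied by ACL
        }
    }

    [pscustomobject]@{
        ProcessRunning = [bool]$proc
        ProcessPath    = ($proc | Select-Object -First 1).Path
        LogExists      = [bool]$file
        LogLength      = if ($file) { $file.Length } else { $null }
        LogAttributes  = if ($file) { $file.Attributes.ToString() } else { $null }
        LastWriteTime  = if ($file) { $file.LastWriteTime } else { $null }
        Streams        = $streams
        HeldOpen       = $heldOpen
    }
}

Get-MicTrayStatus | Format-List
```

Comparing `LastWriteTime` and `LogLength` before and after a reboot shows whether the file is being recreated, which is the behaviour several posters report.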