HP Laptops Found with Keylogger Built Into Audio Driver
-
Last night, I fired up KillSwitch (Comodo Task Manager on Steroids), killed the process - MicTray_64.exe (can't really remember) and the log file was released for editing / viewing.
Sneaky.
-
So I have a Spectre 360 and it has the MicTray64.exe, associated process, and the logfile in C:\Users\Public\MicTray.log. The log file is zero bytes though and appears to be empty. I'm wondering if it isn't logging, or if the list of affected machines is longer than officially announced.
-
@Kelly said in HP Laptops Found with Keylogger Built Into Audio Driver:
So I have a Spectre 360 and it has the MicTray64.exe, associated process, and the logfile in C:\Users\Public\MicTray.log. The log file is zero bytes though and appears to be empty. I'm wondering if it isn't logging, or if the list of affected machines is longer than officially announced.
The driver is Conexant via whomever its hardware ends up on.
-
@scotth said in HP Laptops Found with Keylogger Built Into Audio Driver:
@Kelly said in HP Laptops Found with Keylogger Built Into Audio Driver:
So I have a Spectre 360 and it has the MicTray64.exe, associated process, and the logfile in C:\Users\Public\MicTray.log. The log file is zero bytes though and appears to be empty. I'm wondering if it isn't logging, or if the list of affected machines is longer than officially announced.
The driver is Conexant via whomever its hardware ends up on.
Does that mean that other vendors might have this too? I mean, it might, that we know. But why has only HP been discovered thus far? Is it an HP version of the driver? Is it HP unique hardware?
-
@StrongBad said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scotth said in HP Laptops Found with Keylogger Built Into Audio Driver:
@Kelly said in HP Laptops Found with Keylogger Built Into Audio Driver:
So I have a Spectre 360 and it has the MicTray64.exe, associated process, and the logfile in C:\Users\Public\MicTray.log. The log file is zero bytes though and appears to be empty. I'm wondering if it isn't logging, or if the list of affected machines is longer than officially announced.
The driver is Conexant via whomever its hardware ends up on.
Does that mean that other vendors might have this too? I mean, it might, that we know. But why has only HP been discovered thus far? Is it an HP version of the driver? Is it HP unique hardware?
In all honesty, I don't know. But I wouldn't be surprised if it ended up on a bunch of OEM branded equipment. I'm guessing that HP's just got found out 1st.
-
I'm surprised that every vendor isn't being checked, it could be everywhere, in theory.
-
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
I'm surprised that every vendor isn't being checked, it could be everywhere, in theory.
Agreed. I can't imagine this is limited to only HP. They aren't the only ones using Conexant for audio.
-
@anthonyh said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
I'm surprised that every vendor isn't being checked, it could be everywhere, in theory.
Agreed. I can't imagine this is limited to only HP. They aren't the only ones using Conexant for audio.
Right so.... who else is affected?
-
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
@anthonyh said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
I'm surprised that every vendor isn't being checked, it could be everywhere, in theory.
Agreed. I can't imagine this is limited to only HP. They aren't the only ones using Conexant for audio.
Right so.... who else is affected?
It might be limited to that set. I have stopped the mictray.exe service, deleted the log file referenced, and restarted it. The log file is still empty.
-
@Kelly said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
@anthonyh said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
I'm surprised that every vendor isn't being checked, it could be everywhere, in theory.
Agreed. I can't imagine this is limited to only HP. They aren't the only ones using Conexant for audio.
Right so.... who else is affected?
It might be limited to that set. I have stopped the mictray.exe service, deleted the log file referenced, and restarted it. The log file is still empty.
Did it re-create the log file? Even if nothing is in it, that doesn't inspire confidence in the patch!
-
@travisdh1 said in HP Laptops Found with Keylogger Built Into Audio Driver:
@Kelly said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
@anthonyh said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
I'm surprised that every vendor isn't being checked, it could be everywhere, in theory.
Agreed. I can't imagine this is limited to only HP. They aren't the only ones using Conexant for audio.
Right so.... who else is affected?
It might be limited to that set. I have stopped the mictray.exe service, deleted the log file referenced, and restarted it. The log file is still empty.
Did it re-create the log file? Even if nothing is in it, that doesn't inspire confidence in the patch!
A blank log file today could be used to reduce suspicion of a full one tomorrow.
-
The prior log file was blank with an edit date of 1/16/17.
-
So looks like HP released a patch for this https://www.bleepingcomputer.com/news/hardware/hp-releases-driver-update-to-remove-accidental-keylogger/
So most vendors have something on their machine, previously Lenovo, now HP. Getting any machines from a vendor, first thing should be wipe it and install a pre-tested, custom build, hope that solves all such issues and guess most companies are already doing it.
-
@Ambarishrh said in HP Laptops Found with Keylogger Built Into Audio Driver:
So looks like HP released a patch for this https://www.bleepingcomputer.com/news/hardware/hp-releases-driver-update-to-remove-accidental-keylogger/
So most vendors have something on their machine, previously Lenovo, now HP. Getting any machines from a vendor, first thing should be wipe it and install a pre-tested, custom build, hope that solves all such issues and guess most companies are already doing it.
Does not with Lenovo. HP yes in this case. Only works if the issue is software that only comes preloaded.
-
@Ambarishrh said in HP Laptops Found with Keylogger Built Into Audio Driver:
So looks like HP released a patch for this https://www.bleepingcomputer.com/news/hardware/hp-releases-driver-update-to-remove-accidental-keylogger/
So most vendors have something on their machine, previously Lenovo, now HP. Getting any machines from a vendor, first thing should be wipe it and install a pre-tested, custom build, hope that solves all such issues and guess most companies are already doing it.
The problem is that they've taken to adding the stuff you don't want into system drivers. Issue a travelling worker a laptop without sound working? Good luck with that!
-
@travisdh1 said in HP Laptops Found with Keylogger Built Into Audio Driver:
@Ambarishrh said in HP Laptops Found with Keylogger Built Into Audio Driver:
So looks like HP released a patch for this https://www.bleepingcomputer.com/news/hardware/hp-releases-driver-update-to-remove-accidental-keylogger/
So most vendors have something on their machine, previously Lenovo, now HP. Getting any machines from a vendor, first thing should be wipe it and install a pre-tested, custom build, hope that solves all such issues and guess most companies are already doing it.
The problem is that they've taken to adding the stuff you don't want into system drivers. Issue a travelling worker a laptop without sound working? Good luck with that!
Or into the BIOS!
-
Log file is still empty, and still has an edit date of 5/12 when I restarted the service.
-
@Kelly said in HP Laptops Found with Keylogger Built Into Audio Driver:
Log file is still empty, and still has an edit date of 5/12 when I restarted the service.
What happens if you stop the service? Does it update the file to be the right size and show all your passwords?
-
How do these product meetings go? And how does someone learn programming without understanding the vulnerabilities in this?
Lead: "So we need to basically monitor all keystrokes. Would be a good idea to store them all in a plain text file too, just in case. All management and CEO think this is a great idea."
Programmer: "Seems legit. There's probably a Windows API hook for this.....[runs back to desk]"