HP Laptops Found with Keylogger Built Into Audio Driver
-
@anthonyh said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
I'm surprised that every vendor isn't being checked, it could be everywhere, in theory.
Agreed. I can't imagine this is limited to only HP. They aren't the only ones using Conexant for audio.
Right so.... who else is affected?
-
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
@anthonyh said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
I'm surprised that every vendor isn't being checked, it could be everywhere, in theory.
Agreed. I can't imagine this is limited to only HP. They aren't the only ones using Conexant for audio.
Right so.... who else is affected?
It might be limited to that set. I have stopped the mictray.exe service, deleted the log file referenced, and restarted it. The log file is still empty.
-
@Kelly said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
@anthonyh said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
I'm surprised that every vendor isn't being checked, it could be everywhere, in theory.
Agreed. I can't imagine this is limited to only HP. They aren't the only ones using Conexant for audio.
Right so.... who else is affected?
It might be limited to that set. I have stopped the mictray.exe service, deleted the log file referenced, and restarted it. The log file is still empty.
Did it re-create the log file? Even if nothing is in it, that doesn't inspire confidence in the patch!
-
@travisdh1 said in HP Laptops Found with Keylogger Built Into Audio Driver:
@Kelly said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
@anthonyh said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
I'm surprised that every vendor isn't being checked, it could be everywhere, in theory.
Agreed. I can't imagine this is limited to only HP. They aren't the only ones using Conexant for audio.
Right so.... who else is affected?
It might be limited to that set. I have stopped the mictray.exe service, deleted the log file referenced, and restarted it. The log file is still empty.
Did it re-create the log file? Even if nothing is in it, that doesn't inspire confidence in the patch!
A blank log file today could be used to reduce suspicion of a full one tomorrow.
-
The prior log file was blank with an edit date of 1/16/17.
-
So looks like HP released a patch for this https://www.bleepingcomputer.com/news/hardware/hp-releases-driver-update-to-remove-accidental-keylogger/
So most vendors have something on their machine, previously Lenovo, now HP. Getting any machines from a vendor, first thing should be wipe it and install a pre tested, custom build, hope that solves all such issues and guess most companies are already doing it
-
@Ambarishrh said in HP Laptops Found with Keylogger Built Into Audio Driver:
So looks like HP released a patch for this https://www.bleepingcomputer.com/news/hardware/hp-releases-driver-update-to-remove-accidental-keylogger/
So most vendors have something on their machine, previously Lenovo, now HP. Getting any machines from a vendor, first thing should be wipe it and install a pre tested, custom build, hope that solves all such issues and guess most companies are already doing it
Does not with Lenovo. HP yes in this case. Only works if the issue is software that only comes preloaded.
-
@Ambarishrh said in HP Laptops Found with Keylogger Built Into Audio Driver:
So looks like HP released a patch for this https://www.bleepingcomputer.com/news/hardware/hp-releases-driver-update-to-remove-accidental-keylogger/
So most vendors have something on their machine, previously Lenovo, now HP. Getting any machines from a vendor, first thing should be wipe it and install a pre tested, custom build, hope that solves all such issues and guess most companies are already doing it
The problem is that they've taken to adding the stuff you don't want into system drivers. Issue a travelling worker a laptop without sound working? Good luck with that!
-
@travisdh1 said in HP Laptops Found with Keylogger Built Into Audio Driver:
@Ambarishrh said in HP Laptops Found with Keylogger Built Into Audio Driver:
So looks like HP released a patch for this https://www.bleepingcomputer.com/news/hardware/hp-releases-driver-update-to-remove-accidental-keylogger/
So most vendors have something on their machine, previously Lenovo, now HP. Getting any machines from a vendor, first thing should be wipe it and install a pre tested, custom build, hope that solves all such issues and guess most companies are already doing it
The problem is that they've taken to adding the stuff you don't want into system drivers. Issue a travelling worker a laptop without sound working? Good luck with that!
Or into the BIOS!
-
Log file is still empty, and still has an edit date of 5/12 when I restarted the service.
-
@Kelly said in HP Laptops Found with Keylogger Built Into Audio Driver:
Log file is still empty, and still has an edit date of 5/12 when I restarted the service.
What happens if you stop the service? Does it update the file to be the right size and show all your passwords?
-
How do these product meetings go? And how does someone learn programming without understanding the vulnerabilities in this?
Lead: "So we need to basically monitor all keystrokes. Would be a good idea to store them all in a plain text file too, just in case. All management and CEO think this is a great idea."
Programmer: "Seems legit. There's probably a Windows API hook for this.....[runs back to desk]"
-
@guyinpv that's probably not to far from the truth.
-
@DustinB3403 said in HP Laptops Found with Keylogger Built Into Audio Driver:
@guyinpv that's probably not to far from the truth.
Yep. As I continue through my IT career, I learn more and more every day that the folks who seem like true industry "experts" rarely do it any better than anyone else.
-
@anthonyh Really even an expert screws up every once in a while.
-
Certainly there is a conversation in tech about ethics.
If I'm a programmer, I probably have certain ideas about what makes good or bad software or what is good or bad practice.
But really, what can they do? It's like a military-esque "sir yes sir" and just follow orders to program stuff. Why? Because you like money. And having a job is better than having no job. And some people think it's better to ask forgiveness than permission. And when questioned later the response is "I was just doing what I was told".
If I've landed a coveted job at a big corp with all the benefits and latest toys and clearing 6 figures and my whole lifestyle hangs on "build a little keylogger", it's kind of a hard choice.
-
@guyinpv said in HP Laptops Found with Keylogger Built Into Audio Driver:
Certainly there is a conversation in tech about ethics.
If I'm a programmer, I probably have certain ideas about what makes good or bad software or what is good or bad practice.
But really, what can they do? It's like a military-esque "sir yes sir" and just follow orders to program stuff. Why? Because you like money. And having a job is better than having no job. And some people think it's better to ask forgiveness than permission. And when questioned later the response is "I was just doing what I was told".
If I've landed a coveted job at a big corp with all the benefits and latest toys and clearing 6 figures and my whole lifestyle hangs on "build a little keylogger", it's kind of a hard choice.
Programmers working on this kind of stuff are likely working the tech equivalent of a sweat shop.
-
@anthonyh said in HP Laptops Found with Keylogger Built Into Audio Driver:
@DustinB3403 said in HP Laptops Found with Keylogger Built Into Audio Driver:
@guyinpv that's probably not to far from the truth.
Yep. As I continue through my IT career, I learn more and more every day that the folks who seem like true industry "experts" rarely do it any better than anyone else.
I think that the bigger question is... who looked like an industry expert here?
-
@dafyre said in HP Laptops Found with Keylogger Built Into Audio Driver:
@Kelly said in HP Laptops Found with Keylogger Built Into Audio Driver:
Log file is still empty, and still has an edit date of 5/12 when I restarted the service.
What happens if you stop the service? Does it update the file to be the right size and show all your passwords?
Stopped the process. Opened the file, still blank. Restarted the process. Opened the file, still blank. Edit date still 5/12/17.
-
@scottalanmiller Conexant, HP could argue both are industry experts. Conexant sells millions of copies of their hw/sw combo for OEMs every year. Have done for years.
HP has been around for 60+ years selling hw/sw as an OEM.
