Covert Keylogger sold with HP's Laptops..


sman

OMG..

https://arstechnica.com/security/2017/05/hp-laptops-covert-log-every-keystroke-researchers-warn/?utm_content=buffer20997&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer

Quote

HP is selling more than two dozen models of laptops and tablets that covertly monitor every keystroke a user makes, security researchers warned Thursday. The devices then store the key presses in an unencrypted file on the hard drive.

The keylogger is included in a device driver developed by Conexant, a manufacturer of audio chips that are included in the vulnerable HP devices. That's according to an advisory published by modzero, a Switzerland-based security consulting firm. One of the device driver components is MicTray64.exe, an executable file that allows the driver to respond when a user presses special keys. It turns out that the file sends all keystrokes to a debugging interface or writes them to a log file available on the computer's C drive.

 


Wow, that's just brilliant.  So they built a keylogger for debugging purposes and really didn't realize that they'd basically created a typical piece of malware?  And since it's not encrypted, it could be accessed by anyone with read access to the folder where it's kept, which could be very bad news indeed.  At least it doesn't have the more advanced functionality of truly malicious keyloggers like screencapture and browser/website monitoring though, as that would be even worse (though this is already bad enough) since the keystrokes (i.e. passwords etc.) could then be associated with the sites they're used on.  Still, any account numbers, credit card numbers and PII would be easy pickings.

Scary stuff.

Thanks for posting this.  Hopefully HP deals with the issue swiftly and makes sure those files get deleted from their customers' drives as soon as possible (hopefully automatically as part of a patch pushed out to their systems).


First of all, it's unethical, and from a brand like 'HP' it is the least expected, what with their R&D, Quality control.. How can this happen? They have a lot to explain, heads to roll.. A PRO disaster.. If sued, would they be able to ride that?..


Many industry happenings have taken centre stage, like the Apple vs FBI, with considerable interest.. Herein the HP topic, with its serious impact on industry standards, brand value hit and its aftermath, is not likely to pass into eternity so soon. Maybe HP clients who are still unaware could benefit from this topic..


An update on this in https://www.itnews.com.au/news/hp-pushes-out-second-keylogger-patch-461992

 

Quote

HP pushes out second keylogger patch

First patch only turned off snoopware functionality.

HP Inc has pushed out a fix to remove a keystroke logging feature in the audio driver software bundled with HP Inc notebooks that could leak sensitive private and confidential information.

Quote

An earlier patch issued by HP on May 14 simply turned off the keylogging feature rather than removing it, ModZero said.

ModZero researcher Thorsten Schröder said this meant the keylogging feature could be re-enabled simply by changing two settings in the Windows Registry configuration database.

As a result, it was relatively easy to repurpose the audio driver to create keylogging spyware, with researcher "DiabloHorn" posting a proof of concept article on how to do so.

HP Inc said there are now SoftPaq updates available for the affected notebook computers that contain the keylogging functionality.

 


Does anyone know if, in patching this issue, HP is also deleting any existing logs created by this keylogger?  If not, and a user is unaware of the issue or where to find the file, an attacker just has to get access to that file with read permissions (much easier to obtain in most cases than the normal write permissions required by malware) and they've got everything logged prior to the patch being executed.

Edited by exile360
