Killing HP's Keylogger
How can I check to see if my HP laptop has the key tracking problem?
This question was answered on May 17, 2017. Much of the information contained herein may have changed since posting.
A recent discovery by Swiss security firm Modzero exposed a major security problem in a large number of HP laptops. They found that an audio driver that was ‘listening’ for specific ‘hotkeys’ was also recording every keystroke and storing them in an unprotected log file.
Often referred to as ‘keylogging’, this type of activity is usually associated with nefarious programs that try to steal passwords or other sensitive credentials by recording all your keystrokes.
In HP’s case, there’s nothing indicating that anyone was remotely capturing the keystrokes contained in the log files; It’s more of a major mistake made by the company that provided HP with the software.
Who’s At Risk?
Conexant is a primary supplier of audio componentry to most of the major laptop manufactures as well as devices like Amazon’s Echo (Alexa), but this particular issues appears to be isolated to specific HP laptops.
They inadvertently left special debugging code active in the final driver provided to HP, which can potentially be exploited in a number of ways because every keystroke you make – even if you can’t see the character as you type – is being captured to this unprotected file.
It’s the digital equivalent of your computer ‘talking in its sleep’; any program that cares to ‘listen’ could make use of this extremely sensitive information.
Owners of any of HP’s Elite, EliteBook, ProBook or ZBook models from 2015 and 2016 should check their computers for the bug.
How to Check Your Laptop
The following steps may be a bit technical for some, but it’s too important to ignore, so make sure you get help from a trusted technical resource.
Different model laptops exhibit different behaviors, but many of the most common models will have created this log file in the following location: C:\Users\Public\MicTray.log.
If your computer has this log file and you can see data in it when you open the file, your computer has the problem.
If you see the file with no data in it, you’re still not in the clear as the debug output could still be exposing your keystrokes to other programs or it will be empty if you just logged into your computer.
To check for leaking keystrokes, you can run Microsoft’s DebugView while typing random characters on your keyboard to see what is being captured. If you see any lines in DebugView that refers to ‘Mic target’, your computer is operating with the defective audio driver.
How to Kill the Keylogger
Both HP and Microsoft have released updates to fix the problem, so if you regularly keep your computer updated, you may have already fixed the problem.
HP laptop owners that want to make sure they have the updated audio driver can go to HP’s driver download page in the ‘Support’ section of their website.
This logging behavior goes back to October of 2016, so even if you have fixed the problem, your old backups could contain old log files. Make sure you search for and delete any instance of the MicTray.log file in any of your backups as well.
Need Help with this Issue?
We help people with technology! It's what we do.
Schedule an Appointment with a location for help!
Posted by Ken of Data Doctors on May 17, 2017