Security researchers from Switzerland-based security firm ModZero have discovered a built in Keylogger inside a Hewlett Packard (HP) Audio driver – Conexant High-Definition (HD) Audio Driver.
The audio driver is found to have actions similar to a Keylogger, wherein the software records every piece of Keystroke on your device. These include everything from your Passwords to Credit Card details.
This type of operation is usually found in Trojans and other types of malware.
Why Did HP Ship Your Laptop with a Keylogger?
The concept is fairly simple to understand. It’s poor coding.
This Audio driver has the ability to control Special Media Keys on your keyboard, the ones titled “Play”, “Pause” etc. but instead of just recording those keys, the driver records every keystroke on the system.
What’s worse? It saves those keystrokes in a plain text log file on your drive. This file is fairly human readable and contains your chats, passwords and everything you’ve typed.
You can find this log file at this location on your laptop:
This log file can be copied by any malicious program to expose your passwords.
How Do I Know If My Laptop is Vulnerable?
Modzero has curated a small list of HP Laptops that they found to be running this vulnerable version of Audio Driver. But it’s best if you check your device.
Here is how you do it.
Step 1. Open “C:” Drive, or whatever drive you’ve installed Microsoft Windows in.
Step 2. Go to “System32” folder over at “C:\Windows\System32“.
Step 3. Check if a file named either MicTray.exe or MicTray64.exe exists in the folder.
If it does, then your Audio driver is recording your keystrokes.
Here is how you disable it.
Step 1. Rename the file from MicTray.exe to AnyName.exe.
Step 2. Open Task Manager > Details tab.
Step 3. Find MicTray.exe (or MicTray64.exe) > Right Click > End Process Tree.
Step 4. Go to “C:\Users\Public\” and delete the MicTray.log file.
Meanwhile, HP is working to resolve the issue and a patch will soon be made available. So, keep your devices updated.
Unscrambling MicTray.log to Reveal Passwords
If you just came here to know about the issue and fix it, then you’ve accomplished it. This section I’ve dedicated to those willing to dissect the log file and check what all it has recorded.
I was able to secure a chunk of MicTray.log file. Looking through it, I discovered it was fairly easy to uncover Keystrokes from the file.
Note: This is not foolproof and is completely based on my speculations.
The file records Keystrokes as Virtual Key Codes corresponding to Physical keys pressed on the Keyboard. So the first thing you need is a cheat sheet that can co-relate Virtual Key Codes to Physical Buttons.
Here is a sheet from Microsoft: Virtual Key Codes
Now open the log file in a Text Editor and look through it, until you find sections which read something like this:
Now correspond those Virtual Key Code (vk) to actual Key Names from the cheat sheet and you have a list of keys pressed on your Laptop.
If you know anyone using an HP Laptop, share this article with them immediately. Use the Facebook, Twitter and other Social buttons to share this page.