HP Palo Alto HQ

Should you personal or use a HP laptop it is time to verify whether or not both C:WindowsSystem32MicTray64.exe or C:WindowsSystem32MicTray.exe in put in. If both is, you might have an lively keylogger recording all key presses and must take motion by renaming the executable file.

Normally when a brand new keylogger is found and reported about publicly, it is discovered to be malicious spyware and the events affected have responded to the risk. Nonetheless, on this case the other is true. A keylogger was found operating on HP computer systems that is not malicious and the corporate is not doing something about it but.

The keylogger was discovered by security company modzero AG in an audio driver put in on HP methods. modzero did the accountable factor and made HP conscious of its existence. HP Enterprise refused to take duty whereas HP Inc. and the opposite firm concerned, Conexant Methods Inc., are ignoring it. So modzero determined to go public “in accordance with out Accountable Disclosure course of.”

HP Conexant Audio Driver Keylogger

This is the place issues get bizarre. Delivery a system with an lively keylogger put in is just actually ever going to occur for malicious causes. However on this case it appears like pure negligence on the a part of builders.

The software program in query is a part of a driver package deal supplied by HP (since Christmas 2015) and associated to audio chips manufactured by Conexant. Conexant’s built-in circuits seem on quite a few sound playing cards for which they supply drivers. On this case, particular key presses are supported for features reminiscent of turning the microphone and recording LED on or off.

modzero found that the software program written to detect these particular key presses really data all key presses and shops them within the following plain textual content log file: C:UsersPublicMicTray.log for anybody to view. The log is overwritten each time you log again into the pc, however throughout use it’s all the time recording key presses, which can embrace any and all passwords entered.

Negligent? Lazy? Name it what you’ll, however logging all key presses simply to detect particular key presses is ridiculous. As talked about above, you possibly can cease it taking place by renaming the executable file, nonetheless, doing so will cease the particular key performance working. Ideally, HP and Conexant take discover now and repair the issue!