The audio driver installed on some laptops from HP contain a keylogger that records all of a user’s keystrokes and stores the information in a way that could be compromised easily, security company Modzero reported.
The Switzerland-based cybersecurity firm first discovered the keylogger, which is found in Conexant HD Audio Driver Package versions 1.0.0.46 and earlier, on April 28 and publicly disclosed its findings Thursday.
Read: How To Use FlexiKiller: New Tool Identifies, Removes Spying Software on Mac, Windows
Within the audio driver, which comes preinstalled on several models of HP laptops, is a file called MicTray64.exe. The executable starts every time a user logs into their computer and “monitors all keystrokes made by the user.”
According to Modzero, this practice is done by the audio driver to “capture and react to functions” as a user interacts with buttons on the keyboard such as volume controls or the mute/unmute button.
This practice is relatively common and on its own, not necessarily something for users to worry about. What is troubling about audio driver’s MicTray64.exe file is the way it stores all of the keystrokes it records.
The driver stores the user’s keystrokes in a local file, which can expose a user’s full keystroke data — including passwords, communications logs, web history and other sensitive data — to anyone who knows where to find the audio driver’s log.
The audio driver will also pass all keystrokes through a local application program interface (API) named OutputDebugString API. If infected by malware or otherwise compromised, the API could effectively perform real-time keystroke monitoring for any malicious actor.
Read: Is Your Smartphone Spying On You? Phone Cameras, Microphones At Risk Of Hacking, Expert Says
According to Modzero, the potential exploit is present on most Windows 7 and Windows 10 systems. There are 28 HP laptops that have been confirmed to use the Conexant HD audio driver package that contains the MicTray64.exe file, and other manufacturers that use the same audio driver may also be at risk.
The vulnerable devices from HP are listed below:
- HP EliteBook 820 G3 Notebook PC
- HP EliteBook 828 G3 Notebook PC
- HP EliteBook 840 G3 Notebook PC
- HP EliteBook 848 G3 Notebook PC
- HP EliteBook 850 G3 Notebook PC
- HP ProBook 640 G2 Notebook PC
- HP ProBook 650 G2 Notebook PC
- HP ProBook 645 G2 Notebook PC
- HP ProBook 655 G2 Notebook PC
- HP ProBook 450 G3 Notebook PC
- HP ProBook 430 G3 Notebook PC
- HP ProBook 440 G3 Notebook PC
- HP ProBook 446 G3 Notebook PC
- HP ProBook 470 G3 Notebook PC
- HP ProBook 455 G3 Notebook PC
- HP EliteBook 725 G3 Notebook PC
- HP EliteBook 745 G3 Notebook PC
- HP EliteBook 755 G3 Notebook PC
- HP EliteBook 1030 G1 Notebook PC
- HP ZBook 15u G3 Mobile Workstation
- HP Elite x2 1012 G1 Tablet
- HP Elite x2 1012 G1 with Travel Keyboard
- HP Elite x2 1012 G1 Advanced Keyboard
- HP EliteBook Folio 1040 G3 Notebook PC
- HP ZBook 17 G3 Mobile Workstation
- HP ZBook 15 G3 Mobile Workstation
- HP ZBook Studio G3 Mobile Workstation
- HP EliteBook Folio G1 Notebook PC
