An audio driver that comes installed on some HP-manufactured computers records users’ keystrokes and stores them in a world-readable plaintext file, researchers said Thursday.
The culprit appears to be version 1.0.0.31 of MicTray64.exe, a program that comes installed with the Conexant audio driver package on select HP machines.
ModZero, a Swiss security firm, found the file, which it calls a keylogger, and disclosed it Thursday through an advisory on its website. Researchers with the firm say the program monitors all keystrokes made by the user and that it’s been programmed to capture and react to functions such as microphone mute/unmute keys/hotkeys.
The keylogger broadcasts the keystrokes through a debugging interface and writes them to a log file, C:\Users\Public\MicTray.log.
ModZero is warning the issue (CVE-2017-8360) could lead to the leaking of sensitive user information, such as passwords. Anyone with access to the unencrypted file system could recover the data. Furthermore, because the program isn’t considered malicious, malware authors wouldn’t have trouble capturing victims’ keystrokes either. Researchers say the keylogger comes registered as a Microsoft Scheduled Task, so it runs after each user login. While the file is overwritten each time, ModZero says it could easily be picked up by a running process or analyzed by someone with forensic tools.
Researchers surmised the tool has been recording keystrokes since version 1.0.0.31 was released, on Christmas Eve 2015, but stress that the same issue exists in the latest version, 188.8.131.52, released last October.
Researchers say it’s not known whether the log data is submitted to Conexant or, for that matter, why the keystrokes are being logged in the first place.
Thorsten Schroeder, ModZero’s senior security consultant and CEO, says there’s no evidence the program was deliberately implemented but that it mostly demonstrates the developers’ “negligence.”
“If the developer would simply disable all logging, using debug-logs only in the development environment, there wouldn’t be problems with the confidentiality of the data of any user,” Schroeder wrote Thursday.
Schroeder says he attempted to contact Conexant about the driver twice, once via email in April and again in May via Twitter, but failed to hear back both times.
@ConexantSystems I am searching for a device security contact at Conexant. My email has been ignored. Please DM as soon as possible, thanks.
— THS (@__ths__) May 2, 2017
ModZero also warns the audio driver comes installed on a slew of HP machines, including its EliteBook, Elite x2, ProBook, and ZBook lines, but could exist on other machines. The company also provides audio drivers for Dell, Lenovo, and Asus machines, although at this point it’s not certain they feature the same audio driver.
The firm says the following HP products are affected, however:
- HP EliteBook 820 G3 Notebook PC
- HP EliteBook 828 G3 Notebook PC
- HP EliteBook 840 G3 Notebook PC
- HP EliteBook 848 G3 Notebook PC
- HP EliteBook 850 G3 Notebook PC
- HP ProBook 640 G2 Notebook PC
- HP ProBook 650 G2 Notebook PC
- HP ProBook 645 G2 Notebook PC
- HP ProBook 655 G2 Notebook PC
- HP ProBook 450 G3 Notebook PC
- HP ProBook 430 G3 Notebook PC
- HP ProBook 440 G3 Notebook PC
- HP ProBook 446 G3 Notebook PC
- HP ProBook 470 G3 Notebook PC
- HP ProBook 455 G3 Notebook PC
- HP EliteBook 725 G3 Notebook PC
- HP EliteBook 745 G3 Notebook PC
- HP EliteBook 755 G3 Notebook PC
- HP EliteBook 1030 G1 Notebook PC
- HP ZBook 15u G3 Mobile Workstation
- HP Elite x2 1012 G1 Tablet
- HP Elite x2 1012 G1 with Travel Keyboard
- HP Elite x2 1012 G1 Advanced Keyboard
- HP EliteBook Folio 1040 G3 Notebook PC
- HP ZBook 17 G3 Mobile Workstation
- HP ZBook 15 G3 Mobile Workstation
- HP ZBook Studio G3 Mobile Workstation
- HP EliteBook Folio G1 Notebook PC
Conexant Systems, which started as a spin-off of Rockwell International in 1999, makes chips and software for audio and image processing. The company did not immediately return a request for comment Thursday morning.
Schroeder said he tried to contact HP about the issue as well. A Hewlett-Packard Enterprise security consultant reportedly denied any wrongdoing and contacted members of HP Inc.’s security team earlier this month. After failing to hear back, Schroeder disclosed the issue, including proof of concept code, Thursday morning. Neither HP nor HPE responded to requests for comment on Thursday.
It’s unclear whether this is a feature or a flaw of the driver, but until it’s sorted out ModZero is encouraging HP computer owners to check whether MicTray.exe is installed on their machines and delete the executable.
“We recommend that you delete or rename the executable files so that no keystrokes are recorded anymore,” Schroeder wrote. “However, the special function keys on the keyboards may not work as expected. If a C:\Users\Public\MicTray.log file exists on the hard-drive, it should also be deleted immediately, as it can contain a lot of sensitive information such as login-data
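
A read-only audit for the artifacts this article names (the log file, the executable, its scheduled task and a running instance), as an added PowerShell example that is not ModZero's, HP's or Conexant's code. The directories searched for the executable are an assumption, since the article does not give an install path.

```powershell
# Added example: read-only audit for the MicTray artifacts named in the article.
$logPath  = 'C:\Users\Public\MicTray.log'       # log file path given in the article
$exeNames = 'MicTray.exe', 'MicTray64.exe'      # executable names given in the article
# Assumption: the article gives no install path, so these roots are searched instead.
$searchRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData

$findings = @()

# 1. The keystroke log and which identities are allowed to read it.
if (Test-Path -LiteralPath $logPath) {
    $readers = (Get-Acl -LiteralPath $logPath).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and ([int]$_.FileSystemRights -band $readData) } |
        ForEach-Object { $_.IdentityReference.Value }
    $findings += [pscustomobject]@{
        Type = 'LogFile'; Item = $logPath
        Detail = "modified $((Get-Item -LiteralPath $logPath).LastWriteTime); readable by: $($readers -join ', ')"
    }
}

# 2. Copies of the executable on disk, with the file version for comparison against the advisory.
Get-ChildItem -Path $searchRoots -Include $exeNames -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $findings += [pscustomobject]@{
            Type = 'Executable'; Item = $_.FullName
            Detail = "file version $($_.VersionInfo.FileVersion)"
        }
    }

# 3. Scheduled tasks whose action launches the executable (the article says it runs at each login).
Get-ScheduledTask -ErrorAction SilentlyContinue |
    Where-Object { $_.Actions | Where-Object { $_.Execute -match 'MicTray(64)?\.exe' } } |
    ForEach-Object {
        $findings += [pscustomobject]@{
            Type = 'ScheduledTask'; Item = "$($_.TaskPath)$($_.TaskName)"
            Detail = "state $($_.State)"
        }
    }

# 4. An instance running in the current session.
Get-Process -Name 'MicTray', 'MicTray64' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $findings += [pscustomobject]@{ Type = 'Process'; Item = $_.Name; Detail = "PID $($_.Id)" }
    }

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No MicTray log, executable, scheduled task or process found.' }
```

Run it from an elevated prompt so that scheduled tasks and ACLs owned by other accounts are visible; the script only reports, leaving the delete-or-rename step ModZero recommends to the operator.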