HP Laptops Discovered Having A Keylogger In Audio Driver – How To Check And Disable

A keylogger on your HP laptop?

Are you one of the HP laptop users? If yes, then you should know that there was a recent report that a keylogger is lurking inside your HP laptop. However, the keylogger is not reported to exist on ALL HP laptops. The keylogger was discovered and reported by ModZero and posted the details online. And to be more precised about where is this keylogger found – it is within the audio driver package by Hewlett-Packard. Who does not use audio on their machine? Almost ALL!

HP Laptop Keylogger on Audio Driver

What is a keylogger?

If you are not a tech-savvy, you might not be familiar with the term keylogger. A keylogger is commonly used term to describe a computer program that records every keystroke a user types in the computer keyboard. In general, once you have a keylogger lurking in your machine, it can capture and record important information like your passwords and other confidential information. However, keylogger is not all bad. For example, a software developer can add logging modules or function within his application for debugging purposes. This is for the developer gain a full confidence that his application is working as expected. However, if this function is left turned on and published to the public – the end-users is vulnerable from attacks. A rouge and malicious simple application can use the left logging functionality to gain information from the user.

The latter seems to be the possible case of what happened here. However, it is still uncertain. This is because Hewlett-Packard (HP), even though HP was the one who offers the audio-driver software as part of their package, they still get it from a third-party audio chip manufacturing company called Conexant.

What does this keylogger found in HP laptops does?

Quoting what Modzero analysis about the keylogger found in HP laptops, he said:

Actually, the purpose of the software is to recognize whether a special key has been pressed or released. Instead, however, the developer has introduced a number of diagnostic and debugging features to ensure that all keystrokes are either broadcasted through a debugging interface or written to a log file in a public directory on the hard-drive.

This type of debugging turns the audio driver effectively into a keylogging spyware. On the basis of meta-information of the files, this keylogger has already existed on HP computers since at least Christmas 2015.

– ModZero

ModZero also mentioned that he had been trying to contact HP Inc. and Conexant Systems Inc. but neither replied. Even HP Enterprise (HPE) refused any responsibilities about this issue and redirected back the matter to HP Inc. This situation pushed ModZero to publish the abnormal functionality of HP laptop’s audio application as part of their Responsible Disclosure process.

How to remove the keylogger from HP Laptop?

According to the article, it is advisable that all HP laptop (even desktops just to be sure) to check whether there’s a file named MicTray64.exe or MicTray.exe installed in your computer. Also, you might want to delete the key logs recorded by this application as it may contain sensitive information. They are commonly found in:

  • C:\Windows\System32\MicTray64.exe
  • C:\Windows\System32\MicTray.exe
  • C:\Users\Public\MicTray.log

If you have one or both of these files, either rename or delete them so that there will be no instances of keystrokes being recorded anymore. However, since this is part of the Conexant audio-driver, it is expected that some of the special functions on the keyboard intended for the audio device will no longer work as expected.

Better be safe than never.

Related Articles

Add Comment