Skip to main content

HP rolls out a solution for its ‘keylogger’ audio driver problem

Image used with permission by copyright holder
Privacy and security are hot topics lately given the amount of malware that is constantly circulating throughout the internet by criminals and even government agencies with the purpose of accessing our personal and business information. At the same time, information is sometimes gathered inadvertently that could nevertheless end up making its way to nefarious parties.

In many cases, issues arise where a function that is meant to make things easier for users ends up being poorly executed. One example of exactly that phenomena seems to have created by an audio driver that has shipped in a number of HP PCs, Techspot reports.

Security firm Modzero discovered code in a Conexant audio driver that supports an HP feature that enables controlling audio hardware by using keyboard combinations that toggle features on and off. One example would be a hotkey for enabling and disabling the microphone.

This driver apparently intercepts and saves keyboard input in order to control the functionality. While it is meant to only grab onto the required key presses, it seems to grab all the key inputs and saves them to a file. Worse yet, the file is not encrypted, meaning it would be easy to access by malware in real time or after the fact.

modzero
modzero

Although the problem is somewhat mitigated by the fact that the file is overwritten after each start, the researchers note that it could exist in backup files and could thus be recovered well after the fact. You can check if your HP PC is affected by looking for the programs “C:WindowsSystem32MicTray64.exe” or “C:WindowsSystem32MicTray.exe” exist and renaming them if they do. If a “C:UsersPublicMicTray.log” file exists, then that should be deleted.

We reached out to HP to get its take on the situation, and it provided the following response:

“HP is committed to the security of its customers and we are aware of an issue on select HP PCs. HP has no access to customer data as a result of this issue. We have identified a fix and will make it available to our customers.”

Those weren’t just idle words, either, because the company had a fix in the works and started rolling it out over the weekend. If you own an affected HP PC, then you should see the following notification show up in Windows Update.

Mark Coppock/Digital Trends

This is obviously a mistake on the part of the driver developers and it is good to HP resolve the issue so quickly after its discovery. We note that there is no evidence that any malware or other software has made use of the data that is collected by the driver and so there is no reason to panic. Nevertheless, keep an eye out for the update, which should be installed as soon as possible.

Updated on 5-15-2017 by Mark Coppock: Added information about HP’s release of a fixed driver to Windows Update.

Mark Coppock
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more