
keylogger found in preinstalled audio driver on HP laptops

zMeul

It astounds me how the biggest companies are known for the shittiest practices.


1 hour ago, Remixt said:

It astounds me how the biggest companies are known for the shittiest practices.

Companies don't give a shit about you, all they care about is their bottom line. The bigger the company the more investors you need to please.


8 hours ago, djdwosk97 said:

Serves you right if you buy an HP pc.

More like if you buy any pre-built... -_-


4 hours ago, Remixt said:

It astounds me how the biggest companies are known for the shittiest practices.

The problem is not that HP or Conexant is getting your data. The problem is that Conexant sound chip drivers were done on the cheap. At least the GUI software part of the driver, and no professional/senior personnel ever code reviewed anything. The problem is that other malware can read the file continuously and send that to someone. Basically it did the key logger for the malware maker.


So my investment in KeyScrambler Premium was worth it?


Seems to be a lot of implied malice when it's more likely this is just negligence/incompetence. Does anyone seriously think HP or Conexant wanted a key logging feature in the driver that stores the data in a clear text file not accessible to them? Why would they want that? If it was sending data back over the internet sure that would be extremely suspect.

 

Someone was just using that file during development to verify what was being detected and fucked up by not turning it off.


18 hours ago, zMeul said:

source: https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt

via: https://www.bleepingcomputer.com/news/security/keylogger-found-in-audio-driver-of-hp-laptops/

 

these motha' fuckers don't seem to be willing to stop this bullcrap

1st it was Lenovo, then some shit leaked from Dell .. now HP -_-

 

 

laptops that could be affected by this security flaw:

  • HP EliteBook 820 G3 Notebook PC
  • HP EliteBook 828 G3 Notebook PC
  • HP EliteBook 840 G3 Notebook PC
  • HP EliteBook 848 G3 Notebook PC
  • HP EliteBook 850 G3 Notebook PC
  • HP ProBook 640 G2 Notebook PC
  • HP ProBook 650 G2 Notebook PC
  • HP ProBook 645 G2 Notebook PC
  • HP ProBook 655 G2 Notebook PC
  • HP ProBook 450 G3 Notebook PC
  • HP ProBook 430 G3 Notebook PC
  • HP ProBook 440 G3 Notebook PC
  • HP ProBook 446 G3 Notebook PC
  • HP ProBook 470 G3 Notebook PC
  • HP ProBook 455 G3 Notebook PC
  • HP EliteBook 725 G3 Notebook PC
  • HP EliteBook 745 G3 Notebook PC
  • HP EliteBook 755 G3 Notebook PC
  • HP EliteBook 1030 G1 Notebook PC
  • HP ZBook 15u G3 Mobile Workstation
  • HP Elite x2 1012 G1 Tablet
  • HP Elite x2 1012 G1 with Travel Keyboard
  • HP Elite x2 1012 G1 Advanced Keyboard
  • HP EliteBook Folio 1040 G3 Notebook PC
  • HP ZBook 17 G3 Mobile Workstation
  • HP ZBook 15 G3 Mobile Workstation
  • HP ZBook Studio G3 Mobile Workstation
  • HP EliteBook Folio G1 Notebook PC

if you are affected, stop the process MicTray64.exe and delete that piece of trash from your system

 

---

 

both Conexant and HP were notified and neither replied to the inquiry

at this point no one seems to know or point out if this package is HP's own doing or is it Conexant's own release

Lucky I have a Dell


19 hours ago, Humbug said:

Ya most laptops ship in a really terrible state.. The amount of unnecessary junk that pops up at you on bootup.

Those are useful for very inexperienced users sometimes. Like recovery tools which install/uninstall drivers for newbies. I remember once, thanks to those I could have given instructions over the phone to my parents for them to reinstall LAN/wireless connection drivers, without having to spend more than 5 min on it, or having to take care of it myself, with direct access, since the laptop couldn't do anything with the Internet.

Those programs are useless junk to us because we know how to do it ourselves, but we're the minority.


FYI I have an Asus laptop (gl552vx) and it has the same sound card with the same version of the driver.

I wonder if it has the same thing.

 

 


23 hours ago, Urishima said:

Now you know why companies apply their own images to their hardware.

Well, ain't that awkward. We got that shit on our machines at work. Security guys are working on it.

 

The prevailing theory over at r/sysadmin seems to be that it was left in by the developers of the driver due to negligence, not malice. The keylogger was likely used as a debugging tool during development. Still, QA at Conexant and HP both missed it, and Microsoft apparently trusts PC manufacturers and doesn't check these things themselves, which is why that driver went out via windows update as well.

 

Depending on which version you have, the logger either sends the info over the OutputDebugString API or, in a later version, saves the keystroke history as hex-codes to a file called C:\Users\Public\MicTray.log in plaintext.

 

Here, for those who want to remove it via script:

 

I deal in shitposts and shitpost accessories.
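An added audit-and-cleanup example for the two indicators named in this thread, the MicTray64.exe process and the C:\Users\Public\MicTray.log file. It is not the script the poster refers to and not HP's or Conexant's fix; the function name `Test-MicTrayLogger` and its parameter names are assumptions made for this example. It only reports unless `-Remediate` is passed.

```powershell
# Added example: audit a machine for the indicators named in the thread.
# Function and parameter names are hypothetical; the process name and the
# log path are the ones given in the posts above.
function Test-MicTrayLogger {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$ProcessName = 'MicTray64',
        [string]$LogPath     = 'C:\Users\Public\MicTray.log',
        [switch]$Remediate
    )

    # Older driver versions log via OutputDebugString and leave no file,
    # so the process check matters even when the log is absent.
    $procs = @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue)
    $log   = Get-Item -LiteralPath $LogPath -Force -ErrorAction SilentlyContinue

    $report = [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        ProcessRunning = $procs.Count -gt 0
        ProcessPaths   = @($procs | ForEach-Object { $_.Path } | Select-Object -Unique)
        LogPresent     = [bool]$log
        LogBytes       = if ($log) { $log.Length } else { 0 }
        LogLastWrite   = if ($log) { $log.LastWriteTime } else { $null }
        ActionsTaken   = @()
    }

    if ($Remediate) {
        # Stop the process first so it cannot recreate the file after deletion.
        foreach ($p in $procs) {
            if ($PSCmdlet.ShouldProcess("$($p.Name) (PID $($p.Id))", 'Stop process')) {
                Stop-Process -Id $p.Id -Force
                $report.ActionsTaken += "Stopped PID $($p.Id)"
            }
        }
        if ($log -and $PSCmdlet.ShouldProcess($log.FullName, 'Delete keystroke log')) {
            Remove-Item -LiteralPath $log.FullName -Force
            $report.ActionsTaken += "Deleted $($log.FullName)"
        }
    }
    $report
}

Test-MicTrayLogger                        # report only
# Test-MicTrayLogger -Remediate -WhatIf   # preview what would be stopped/deleted
```

Stopping the process does not remove the driver component, so it can start again at the next logon; a non-zero `LogBytes` means keystrokes were already written to a world-readable location.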


update: http://www.zdnet.com/article/keylogger-found-on-several-hp-laptops/

 

HP issued a fix that removes the keylogger

Quote

HP vice-president Mike Nash said on a call after-hours on Thursday that a fix is available on Windows Update and HP.com for newer 2016 and later affected models, with 2015 models receiving patches Friday. He added that the keylogger-type feature was mistakenly added to the driver's production code and was never meant to be rolled out to end-user devices.

Nash didn't say how many models or customers were affected, but did confirm that some consumer laptops were affected.

He also confirmed that a handful of consumer models that come with Conexant drivers are affected.

 


HERE'S AN UPDATE

 

Apparently, it wasn't a keylogger at all. It's actually a debugging tool that mistakenly made its way onto production machines.

The best part? It's already been fixed

 

Source: https://www.thurrott.com/windows/windows-10/115965/hp-keylogger-mistake-already-fixed

 

I think we overreacted 


8 hours ago, Kherm said:

HERE'S AN UPDATE

 

Apparently, it wasn't a keylogger at all. It's actually a debugging tool that mistakenly made its way onto production machines.

The best part? It's already been fixed

 

Source: https://www.thurrott.com/windows/windows-10/115965/hp-keylogger-mistake-already-fixed

 

I think we overreacted 

And the difference between a keylogger and a software feature that records all key strokes to a clear text file is? Sure it was never designed to be one and was a necessary tool, or deemed to be, during the development of the driver and associated software but unfortunately it is what it is.

 

Reaction was justified, how many passwords were sitting in that file potentially accessible to many people. A lot of networks don't have fantastic security and default shares like C$ are accessible to more people than it should as they give all staff administrator rights to all laptops/workstations.

 

And creating a fix isn't an instant solution to the problem, people actually have to apply it and it doesn't help much to downplay how bad this could have been.


On 5/12/2017 at 0:12 AM, zMeul said:

you mean allowing only their own MS Labs certified keylogger xD

 

That doesn't exist, I ran defender several times and the pc was clean.  :/

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  


On 11/05/2017 at 2:35 PM, Misanthrope said:

Here's my solution (not really but it's a nice aside anyways) We need a laptop form factor to build on. Even if it is kinda chunky I'll take that over pre-built laptops any day.

We have got OEM laptops from the likes of Clevo at least.
