If you use one of HP’s business PCs – an EliteBook, ZBook or ProBook – your laptop may have come with a preloaded keylogger recording everything you type into an unencrypted log file. Swiss security group ModZero first discovered the security flaw in the preloaded Conexant audio driver that appears on many of these notebooks. The driver is supposed to be watching to see if you hit keys that launch certain audio functions, but instead writes every single stroke into an easily-accessible text file. Using an HP EliteBook 1040 G3, we were able to verify the issue ourselves. After we updated to the latest version of the Conexant driver, which was dated March 20, 2017, a text file located at C:\Users\Public\MicTray.log began showing a detailed list of all the keys we’d pressed. However, the strokes would be hard for an average person to read, because they are stored as hexadecimal keyboard scan codes, with one stroke on each line. So hitting the letter “a” several times gave us a log entry that read like this: Mic target 0x1 scancode 0x1e flags 0x0 extra 0x0 vk 0x41Mic target 0x1 scancode 0x1e flags 0x80 extra 0x0 vk 0x41Mic target 0x1 scancode 0x1e flags 0x0 extra 0x0 vk 0x41Mic target 0x1 scancode 0x1e flags 0x80 extra 0x0 vk 0x41 It took us a little while to figure out that the 0x1e actually is the keycode for the letter “a” and that the rest of the information can be ignored. A very determined hacker could go through all of your strokes and translate them from hex into real characters and try to reconstruct what you wrote. The log file also deletes itself every time you log out of your system so a malefactor would have to get it either from a system backup or while your computer is still on. To check whether you are using one of the affected system, you can look for the C:\Users\Public\MicTray.log file and see if it has any content inside. Some enterprising users on Reddit have figured out a way to disable the software by editing a few values in Window’s registry, so click here to see /u/My_Angry_Account’s guide to manually editing your registry. On Thursday (May 11), HP vice-president Mike Nash told ZDNet that a fix for this keylogging software is available via Windows Update and HP.com for notebooks released 2016 and later, while models released in 2015 will receive a patch today (May 12). Nash also noted that the keylogging code was not supposed to be in laptops sold to the public, noting that it was mistakenly added to the drivers. In a brief statement, an HP spokesperson claimed the company “has no access to customer data as a result of this issue.” Here’s a list of potentially affected laptops, according to ModZero:
HP EliteBook 820 G3 Notebook PCHP EliteBook 828 G3 Notebook PCHP EliteBook 840 G3 Notebook PCHP EliteBook 848 G3 Notebook PCHP EliteBook 850 G3 Notebook PCHP ProBook 640 G2 Notebook PCHP ProBook 650 G2 Notebook PCHP ProBook 645 G2 Notebook PCHP ProBook 655 G2 Notebook PCHP ProBook 450 G3 Notebook PCHP ProBook 430 G3 Notebook PCHP ProBook 440 G3 Notebook PCHP ProBook 446 G3 Notebook PCHP ProBook 470 G3 Notebook PCHP ProBook 455 G3 Notebook PCHP EliteBook 725 G3 Notebook PCHP EliteBook 745 G3 Notebook PCHP EliteBook 755 G3 Notebook PCHP EliteBook 1030 G1 Notebook PCHP ZBook 15u G3 Mobile WorkstationHP Elite x2 1012 G1 TabletHP Elite x2 1012 G1 with Travel KeyboardHP Elite x2 1012 G1 Advanced KeyboardHP EliteBook Folio 1040 G3 Notebook PCHP ZBook 17 G3 Mobile WorkstationHP ZBook 15 G3 Mobile WorkstationHP ZBook Studio G3 Mobile WorkstationHP EliteBook Folio G1 Notebook PC
Laptop Guide
Previous TipNext Tip