Update: Since publishing our initial story yesterday, HP has been in touch with us to provide a statement, confirming that HP did not develop the key logging driver itself. However, it has since been in touch with the developer and will be rolling out a fixed version later today.
Here’s the statement: “HP is committed to the security and privacy of its customers and we are aware of the keylogger issue on select HP PCs. HP has no access to customer data as a result of this issue. Our supplier partner developed software to test audio functionality prior to product launch and it should not have been included in the final shipped version. Fixes will be available shortly via HP.com.”
Further details are due to arrive later today. The fixed audio driver should also be up very soon.
Original story: It looks like HP is about to get an earful from the privacy conscious and security experts as this week, a firm discovered that HP has been shipping audio drivers with a built-in keylogger since at least 2015.
As discovered by security firm, ModZero, HP has been including an audio driver for its laptops developed by a company known as Conexant. The driver’s main purpose appears to have been to detect when a certain key is pressed. However, a number of debugging features have ended up ensuring that all keystrokes are recorded and written to a log file. This file can be found in the C:/user/public area of the drive and while it is wiped each time you log in to Windows, those who make regular backups could have years of keystroke activity saved and stored on their system.
Here is how ModZero explains it: “The most recent version 18.104.22.168 implements the logging of all keystrokes into the publicly for any user readable file C:\Users\Public\MicTray.log. Although the file is overwritten after each login, the content is likely to be easily monitored by running processes or forensic tools. If you regularly make incremental backups of your hard-drive – whether in the cloud or on an external hard-drive – a history of all keystrokes of the last few years could probably be found in your backups.”
ModZero got in touch with both Conexant and HP and neither responded, which is why this information is now being published. The report ends by noting that there is no evidence to suggest that the keylogger was implemented intentionally but should still be considered dangerous nonetheless. All the developer would need to do is disable logging and reset to debug-logs in the development environment. By doing this, they would no longer be compromising the data of users.
KitGuru Says: While this may not have been an intentional inclusion, it is slightly alarming. Hopefully now that the information is public, HP will go back and do something about it.