If you own or use an HP computer, it's time to check whether either C:\Windows\System32\MicTray64.exe or C:\Windows\System32\MicTray.exe is installed. If either is, you have an active keylogger recording all key presses and need to take action by renaming the executable file.
Usually when a new keylogger is discovered and publicly reported, it's found to be malicious spyware and the parties affected have responded to the threat. However, in this case the opposite is true. A keylogger was discovered running on HP computers that isn't malicious and the company isn't doing anything about it yet.
The keylogger was discovered by security company modzero AG in an audio driver installed on HP systems. modzero did the responsible thing and made HP aware of its existence. HP Enterprise refused to take responsibility while HP Inc. and the other company involved, Conexant Systems Inc., are ignoring it. So modzero decided to go public "in accordance with our Responsible Disclosure process."
Here's where things get weird. Shipping a system with an active keylogger installed is only really ever going to happen for malicious reasons. But in this case it looks like pure negligence on the part of developers.
The software in question is part of a driver package offered by HP (since Christmas 2015) and related to audio chips manufactured by Conexant. Conexant's integrated circuits appear on numerous sound cards for which they provide drivers. In this case, special key presses are supported for functions such as turning the microphone and recording LED on or off.
modzero discovered that the software written to detect these special key presses actually records all key presses and stores them in the following plain text log file: C:\Users\Public\MicTray.log for anyone to view. The log is overwritten every time you log back into the computer, but during use it is always recording key presses, which will include any and all passwords entered.
Negligent? Lazy? Call it what you will, but logging all key presses just to detect special key presses is ridiculous. As mentioned above, you can stop it from happening by renaming the executable file. However, doing so will stop the special key functionality from working. Ideally, HP and Conexant take notice now and fix the problem!
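The check and the rename described above can be scripted. The following PowerShell is an added example, not code from modzero, HP or Conexant; the `-Remediate` switch, the `.disabled` suffix and stopping the running process before the rename are assumptions of this example, and renaming files under System32 requires an elevated prompt.

```powershell
# Added example: audit a machine for the MicTray keylogger files named in the article.
# Run from 64-bit PowerShell; a 32-bit host is redirected from System32 to SysWOW64.
param([switch]$Remediate)   # hypothetical switch: rename the executables when set

$exePaths = 'C:\Windows\System32\MicTray64.exe', 'C:\Windows\System32\MicTray.exe'
$logPath  = 'C:\Users\Public\MicTray.log'

function Get-MicTrayStatus {
    # One record per executable: is it on disk, and is it currently running?
    foreach ($exe in $exePaths) {
        $name = [IO.Path]::GetFileNameWithoutExtension($exe)
        [pscustomobject]@{
            Path    = $exe
            Name    = $name
            Present = Test-Path -LiteralPath $exe
            Running = [bool](Get-Process -Name $name -ErrorAction SilentlyContinue)
        }
    }
}

function Get-MicTrayLogInfo {
    # Report metadata only; the log holds raw keystrokes, so its content is not read.
    if (Test-Path -LiteralPath $logPath) {
        $f = Get-Item -LiteralPath $logPath
        [pscustomobject]@{ Path = $logPath; Bytes = $f.Length; LastWrite = $f.LastWriteTime }
    }
}

$status = @(Get-MicTrayStatus)
$status | Format-Table -AutoSize

$log = Get-MicTrayLogInfo
if ($log) {
    Write-Warning "Keystroke log present: $($log.Path) ($($log.Bytes) bytes, last write $($log.LastWrite))"
}

if ($Remediate) {
    foreach ($s in $status | Where-Object { $_.Present }) {
        # Assumption of this example: stop the process so logging ends immediately.
        if ($s.Running) { Stop-Process -Name $s.Name -Force }
        # The article's mitigation: rename the executable so it no longer starts.
        Rename-Item -LiteralPath $s.Path -NewName ((Split-Path $s.Path -Leaf) + '.disabled')
    }
}
```

As the article notes, renaming the executable also disables the special key functionality.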