Certain HP laptops are found recording users' keystrokes

An audio driver supplier called Conexant may have accidentally implemented the keylogging function

Hewlett Packard
Magdalena Petrova (IDG Worldwide)

Over two dozen HP laptop models have been secretly recording users’ keystrokes, possibly by mistake, according to a Swiss security firm.

The keylogger is found within the PCs' audio driver software and has existed since at least Dec. 2015, the security firm Modzero said in a Thursday blog post.   

The audio driver was designed to identify when a special key on the PC was used. But in reality, the software will capture all the keystrokes and write them in an unencrypted file located on the laptop.

In other cases, the keystrokes will be passed to a Microsoft Windows debugging interface on the PC, and expose them to possible capture, Modzero said.      

“There is no evidence that this keylogger has been intentionally implemented. Obviously, it is a negligence of the developers,” the security firm said in its blog post.

Nevertheless, the keylogger still poses a security risk. Anyone, including malware writers, can look up what a user has been typing by exploiting the affected audio driver or looking up the log file created.

“Investigators with access to the unencrypted file-system might be able to recover sensitive data of historic key logs as well,” Modzero said.

In a short statement, HP said it was aware of the issue. "HP has no access to customer data as a result of this issue. We have identified a fix and will make it available to our customers," the company said.

According to Modzero, the audio driver is used in certain HP EliteBook, ProBook, ZBook models. A full list of affected products can be found here.

Fortunately, the software is easy to remove. It’s located at c:\Windows\System32\MicTray64.exe or C:\Windows\System32\MicTray.exe and can be deleted, although this may cause the special function keys on the laptop to no longer work.   

The keystroke log file it creates should also be erased, and is located at C:\Users\Public\MicTray.log. 

Modzero said the developer of the audio driver is a U.S. company called Conexant, which produces audio and voice related applications. Conexant did not immediately respond to a request for comment.

Modzero discovered the problem on April 28, but claimed that both HP and Conexant hadn't responded to the security firm's contact requests. 

Thorsten Schroeder, CEO of Modzero, said other laptops from Dell, Lenovo and Asus don't appear to have the same problem. But because Conexant appears to develop software for other hardware vendors, the keylogging issue may exist in other devices, he said in an email. 

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Shop Tech Products at Amazon