Keylogger in HP's audio driver discovered by a Swiss security company

The Publication by modzero:

https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html

The details:

https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt

Notes:

Some testing has confirmed that the keylogger also exists in drivers auto-downloaded via Windows Update.

Workaround

Delete MicTray executables and logfiles. Deleting the Scheduled Task is not sufficient, as Conexant's Windows Service CxMonSvc will launch MicTray otherwise.
The executable is located at c:\Windows\System32\MicTray64.exe; the MicTray logfile is located at C:\Users\Public\MicTray.log

Affected hardware models:

HP EliteBook 820 G3 Notebook PC
HP EliteBook 828 G3 Notebook PC
HP EliteBook 840 G3 Notebook PC
HP EliteBook 848 G3 Notebook PC
HP EliteBook 850 G3 Notebook PC
HP ProBook 640 G2 Notebook PC
HP ProBook 650 G2 Notebook PC
HP ProBook 645 G2 Notebook PC
HP ProBook 655 G2 Notebook PC
HP ProBook 450 G3 Notebook PC
HP ProBook 430 G3 Notebook PC
HP ProBook 440 G3 Notebook PC
HP ProBook 446 G3 Notebook PC
HP ProBook 470 G3 Notebook PC
HP ProBook 455 G3 Notebook PC
HP EliteBook 725 G3 Notebook PC
HP EliteBook 745 G3 Notebook PC
HP EliteBook 755 G3 Notebook PC
HP EliteBook 1030 G1 Notebook PC
HP ZBook 15u G3 Mobile Workstation
HP Elite x2 1012 G1 Tablet
HP Elite x2 1012 G1 with Travel Keyboard
HP Elite x2 1012 G1 Advanced Keyboard
HP EliteBook Folio 1040 G3 Notebook PC
HP ZBook 17 G3 Mobile Workstation
HP ZBook 15 G3 Mobile Workstation
HP ZBook Studio G3 Mobile Workstation
HP EliteBook Folio G1 Notebook PC

Affected Operating Systems

Microsoft Windows 10 32
Microsoft Windows 10 64
Microsoft Windows 10 IOT Enterprise 32-Bit (x86)
Microsoft Windows 10 IOT Enterprise 64-Bit (x86)
Microsoft Windows 7 Enterprise 32 Edition
Microsoft Windows 7 Enterprise 64 Edition
Microsoft Windows 7 Home Basic 32 Edition
Microsoft Windows 7 Home Basic 64 Edition
Microsoft Windows 7 Home Premium 32 Edition
Microsoft Windows 7 Home Premium 64 Edition
Microsoft Windows 7 Professional 32 Edition
Microsoft Windows 7 Professional 64 Edition
Microsoft Windows 7 Starter 32 Edition
Microsoft Windows 7 Ultimate 32 Edition
Microsoft Windows 7 Ultimate 64 Edition
Microsoft Windows Embedded Standard 7 32
Microsoft Windows Embedded Standard 7E 32-Bit

8 Likes
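One way to check a machine for the artifacts named in the workaround above, as an added example that is not part of the original post or the modzero advisory. It assumes PowerShell 3.0 or later in an elevated 64-bit session; the function name and the `-Remove` switch are hypothetical, and the scheduled task is matched by its action because the post does not give the task's name.

```powershell
# Added example: audit (and optionally remove) the MicTray artifacts named in the post.
# Run from an elevated 64-bit PowerShell; a 32-bit host is redirected away from System32.
function Test-MicTrayExposure {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$ExePath     = 'C:\Windows\System32\MicTray64.exe',  # path from the post
        [string]$LogPath     = 'C:\Users\Public\MicTray.log',        # path from the post
        [string]$ServiceName = 'CxMonSvc',                           # service named in the post
        [switch]$Remove                                              # hypothetical: apply the workaround
    )

    $exe  = Get-Item -LiteralPath $ExePath -ErrorAction SilentlyContinue
    $log  = Get-Item -LiteralPath $LogPath -ErrorAction SilentlyContinue
    $svc  = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    $proc = Get-Process -Name ([IO.Path]::GetFileNameWithoutExtension($ExePath)) -ErrorAction SilentlyContinue

    # The task name is not given in the post, so match on the action's executable instead.
    # Get-ScheduledTask does not exist on Windows 7; the check is skipped there.
    $tasks = @()
    if (Get-Command Get-ScheduledTask -ErrorAction SilentlyContinue) {
        $tasks = @(Get-ScheduledTask | Where-Object { $_.Actions.Execute -like '*MicTray*' })
    }

    if ($Remove) {
        # A running image cannot be deleted, so stop the process first (assumption of this example).
        # Stop-Process and Remove-Item inherit -WhatIf / -Confirm from this function.
        if ($proc) { $proc | Stop-Process -Force }
        @($exe, $log) | Where-Object { $_ } | ForEach-Object { Remove-Item -LiteralPath $_.FullName -Force }
    }

    # State as found before any removal. Metadata only: the log holds captured keystrokes.
    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        ExePresent     = [bool]$exe
        ProcessRunning = [bool]$proc
        ServiceStatus  = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }
        TaskNames      = $tasks.TaskName -join ', '
        LogPresent     = [bool]$log
        LogBytes       = if ($log) { $log.Length } else { 0 }
        LogLastWritten = if ($log) { $log.LastWriteTime } else { $null }
    }
}

Test-MicTrayExposure                     # audit only
# Test-MicTrayExposure -Remove -WhatIf   # preview the workaround before applying it
```

A non-zero `LogBytes` on a machine means keystrokes typed there have been sitting in a world-readable location, so treat credentials entered on it as exposed as well as deleting the file.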

Another strong argument for Open Source Drivers. And firmware.

5 Likes

Someone explain to me why having a keylogger embedded in a driver would benefit a legitimate company? How would they make money? Or is there some other benefit?

Read their article. It was there for debugging purposes and left on in the production version and simply wrote logs to disk continuously. Presents a convenient tool/exploit for any potential hackers who might come by and see the prior logs.

3 Likes

Sorry, didn't read. Thanks for the answer.

Yup. These companies just do not care and are now openly just running over their customers. Amazing how little regard and how strong they think their position is. Enterprise left debuggers wide open? Really.

I was just wondering the same. Why thou

Debugging