HP laptops have been shipping laptops with built in keyloggers since at least 2015, according to Swiss security firm, Modzero.
Modzero discovered that HP updated its audio drivers in 2015 with new debugging and diagnostic software. This software was able to determine if a specific key had been used.
Keystroke logging, or key logging, is the ability for a computer to record every key that is pressed on the keyboard of a computer. This is often used by hackers to gain fraudulent access to passwords and other confidential information.
In a blog post Modzero said: “So what’s the point of a keylogger in an audio driver? Does HP deliver pre-installed spyware? Is HP itself a victim of a backdoored software that third-party vendors have developed on behalf of HP?”
“The responsibility in this case is uncertain, because the software is offered by HP as a driver package for their own devices on their website. On the other hand, the software was developed and digitally signed by the audio chip manufacturer Conexant.”
Modzero investigated the Conexant chip and found that the audio drivers of HP Laptops had been poorly implemented in a way that essentially made them spyware. Modzero claims that by analysing the metadata of the service they have been able to determine that these measures have been in place since at least Christmas 2015.
Modzero then delved further and found that the situation was actually much graver than initially thought. Not only were these keys being logged, they were being logged in a publicly readable location on the machine itself file C:\Users\Public\MicTray.log.
The blog post stated: “If you regularly make incremental backups of your hard-drive – whether in the cloud or on an external hard-drive – a history of all keystrokes of the last few years could probably be found in your backups.”
Modzero has noted in the blog that everyone who owns a HP laptop investigates their own C:\Windows\System32\MicTray64.exe or C:\Windows\System32\MicTray.exe and delete or rename the application to try to halt the process.
HP has not yet commented on the story.