Nearly thirty different Hewlett-Packard Windows PC models may be recording every keystroke their owners make and storing them in a human-readable file accessible to any user on the PC. Oh, boy.
Switzerland-based security company Modzero recently discovered a keylogger present in an audio program in HP PCs called MicTray. Modzero reported it on their blog early Thursday morning.
You can also find a complete list of affected HP PC models in the company’s security advisory. Affected models include PCs from the HP EliteBook 800 series, the HP ProBook 600 and 400 series, the EliteBook Folio G1, and others. The program has existed on HP PCs since at least late 2015, Modzero says.
The keylogger in question appears to be a creation of either HP or Conexant, one of HP’s component partners. PCWorld has contacted HP and Conexant for comment. We’ll update this article if the companies respond.
While the keylogger sounds nefarious, it appears to be the result of some poorly conceived solutions to legitimate problems. The software in question is designed to identify whether a user has entered certain keystrokes that activate audio hardware features, according to Modzero. The program could be monitoring to see whether a microphone is supposed to be on or off, for example.
But in addition to monitoring for specific key presses, there are also some diagnostic and debugging features built into the software, Modzero says. The end result is that as of MicTray version 126.96.36.199 all keystrokes on affected HP PCs are recorded in human-readable format and accessible at C:\Users\Public\MicTray.log.
That file could contain sensitive information such as passwords and usernames, as reported by Modzero. The file is overwritten with every login on the PC, but that erased content could still conceivably be retrieved by a sophisticated attacker.
The impact on you at home: If you have an HP PC, first check to see if the program in question exists on your PC as either C:\Windows\System32\MicTray64.exe or C:\Windows\System32\MicTray.exe. If it does exist, Modzero advises deleting or renaming it to prevent MicTray from running and logging your keystrokes; however, that may mean some of the media keys on your PC will no longer function.
Next, go to C:\Users\Public\MicTray.log and erase that file. If you don’t see it, click the View tab in File Explorer and check off the Hidden items checkbox. Also keep in mind that if you make regular back-ups of your hard drive that include the Public folder, the keylogging file may also exist there with sensitive information in plain text for anyone to see.
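
The check-and-cleanup steps above can also be done in one pass from an elevated PowerShell prompt. The script below is an added example, not code from Modzero, HP or the original article; the parameter names and the `.disabled` rename suffix are assumptions chosen for illustration. Run it with `-WhatIf` first to see what it would change.

```powershell
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess)]
param(
    # Paths as given in the article. Parameter names are this example's own.
    [string[]]$Binaries = @(
        'C:\Windows\System32\MicTray64.exe',
        'C:\Windows\System32\MicTray.exe'
    ),
    [string]$LogPath = 'C:\Users\Public\MicTray.log'
)

foreach ($exe in $Binaries) {
    if (-not (Test-Path -LiteralPath $exe)) {
        Write-Output "Not present: $exe"
        continue
    }

    $item = Get-Item -LiteralPath $exe -Force
    Write-Output "Found: $exe (file version $($item.VersionInfo.FileVersion))"

    # Stop a running instance first so the file is not locked during the rename.
    Get-Process -Name $item.BaseName -ErrorAction SilentlyContinue |
        Where-Object { $_.Path -eq $item.FullName } |
        Stop-Process -Force

    # Rename rather than delete so the change can be undone if media keys
    # stop working. The '.disabled' suffix is an assumption of this example.
    Rename-Item -LiteralPath $exe -NewName ($item.Name + '.disabled')
}

# -Force lets Get-Item see the log even when it is marked hidden.
$log = Get-Item -LiteralPath $LogPath -Force -ErrorAction SilentlyContinue
if ($log) {
    Write-Output ("Log found: {0} ({1} bytes, last written {2})" -f `
        $log.FullName, $log.Length, $log.LastWriteTime)
    Remove-Item -LiteralPath $LogPath -Force
} else {
    Write-Output "No log at $LogPath"
}
```

The script does not touch backups; any backup copy of the Public folder still has to be checked for MicTray.log separately.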