Yusuf On Security: Security news, opinion and advice

HP accidental keylogger 

Security researchers from Switzerland discovered that HP shipped some laptops with a keylogger. The code is part of the audio driver software that enables audio playback. Unfortunately it captures every keypress you make and saves it locally (C:\users\public\MicTray.log). HP's initial reaction was that they are not receiving these transcripts of your typing at all. This is of course a serious mistake, as the keylogger could record passwords, credit card details and anything and everything you type on the keyboard. This treasure trove sits in the public users directory, written there by a file called MicTray64.exe (C:\windows\system32\mictray64.exe). The reason put forward by the vendor is that their audio driver programmers used the key-logging code for debugging purposes and forgot to take it out before kicking the audio driver out of the door for general release.

It has to be said the mishap in itself is pretty disastrous for HP, as you need to have rigorous software quality control. You need to check whether the software you are releasing is actually the code you intend to ship.

This was not the end of the story for the giant company. After the uproar, HP quickly pushed out an update to remedy the flaw. What they did, however, fell short of what the security community expected them to do. They simply turned off the registry key setting but left the code in; they did not take the keylogging functionality out of the driver. In essence it could be turned back on.
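For anyone who wants to check a machine for the two artifacts described above (the keystroke log and the component that writes it) rather than take the vendor's word for it, here is an added example, not code from the original post or from HP. It is read-only: it reports whether the log file exists and how much it holds, whether the driver component is installed and what its signature status is, and whether a matching process is currently running. The file paths are the ones the post gives; the process name "MicTray64" is assumed to match the executable name, and the registry key HP disabled is not checked because the post does not name it.

```powershell
# Added example (not from the original post): read-only check for the MicTray artifacts.
# Paths are taken from the post; the process name is an assumption based on the executable name.
$logPath = 'C:\Users\Public\MicTray.log'
$exePath = Join-Path $env:SystemRoot 'System32\MicTray64.exe'

$findings = @()

# 1. The keystroke log itself. A non-empty file means keystrokes have already been captured
#    and the file should be treated as sensitive (it may hold passwords) and wiped after the fix.
if (Test-Path -LiteralPath $logPath) {
    $log = Get-Item -LiteralPath $logPath
    $findings += [pscustomobject]@{
        Check    = 'Keystroke log present'
        Detail   = "$($log.FullName): $($log.Length) bytes, last written $($log.LastWriteTime)"
        Severity = if ($log.Length -gt 0) { 'High' } else { 'Medium' }
    }
}

# 2. The driver component that writes the log. Knowing the file version lets you compare
#    against the version in the vendor's update; the Authenticode status confirms it is the
#    vendor's binary and not something else dropped under the same name.
if (Test-Path -LiteralPath $exePath) {
    $exe = Get-Item -LiteralPath $exePath
    $sig = Get-AuthenticodeSignature -FilePath $exePath
    $findings += [pscustomobject]@{
        Check    = 'MicTray64.exe installed'
        Detail   = "Version $($exe.VersionInfo.FileVersion); signature $($sig.Status) ($($sig.SignerCertificate.Subject))"
        Severity = 'Info'
    }
}

# 3. Whether the component is live right now. The fix described in the post leaves the code
#    on disk, so a running instance is worth knowing about even after the update.
$proc = Get-Process -Name 'MicTray64' -ErrorAction SilentlyContinue
if ($proc) {
    $findings += [pscustomobject]@{
        Check    = 'MicTray64 process running'
        Detail   = "PID(s): $($proc.Id -join ', '); started $($proc.StartTime -join ', ')"
        Severity = 'Medium'
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No MicTray artifacts found on this machine.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Run it in an elevated PowerShell session so that Get-Process can read the start time of a process owned by another user. The script deliberately changes nothing: whether to delete a non-empty log, and how to do so in line with your incident-handling process, is a decision to make after you have seen how much it contains and how old it is.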

Obviously we are living in interesting times, and you can imagine the bad guys piggybacking on this and taking advantage of the existence of this log. As the job of capturing the keystrokes has already been done, all the crooks have to do is siphon off the content of the log and sell it on the dark web.

To give HP the benefit of the doubt, I am sure the initial temporary fix was meant to limit the danger until a more complete fix is released. 

Author
Yusuf