date 2012-05-17
from the check-your-backups dept.
ITworld has a story about certain Hewlett-Packard laptop computers:
The keylogger is found within the PCs' audio driver software and has existed since at least Dec. 2015, the security firm Modzero said in a Thursday blog post.
The audio driver was designed to identify when a special key on the PC was used. But in reality, the software will capture all the keystrokes and write them in an unencrypted file located on the laptop.
The problematic driver is called MicTray64.exe — versions 1.0.0.31 through 1.0.0.46 are known to be affected. The logged keystrokes are written either to the world-readable file C:\Users\Public\MicTray.log or through the OutputDebugString API. The latter can be observed using Microsoft's debugview utility.
The Modzero website has the technical details.
ThreatPost adds:
ModZero is warning the issue (CVE-2017-8360) could lead to the leaking of sensitive user information, such as passwords. Anyone with access to the unencrypted file system could recover the data. Furthermore, since the program isn't considered malicious, malware authors wouldn't have trouble capturing victim's keystrokes either. Researchers say the keylogger comes registered as a Microsoft Scheduled Task, so it runs after each user login. While the file is overwritten each time, ModZero says it could easily be recruited by a running process or analyzed by someone with forensic tools.
Researchers surmised the software has been recording keystrokes since version 1.0.0.31 was released, on Christmas Eve 2015, but stress that the same problem exists in the most recent version, 1.0.0.46, released last October.
ModZero also warns the audio driver comes installed on a slew of HP machines, including its EliteBook, Elite x2, ProBook, and ZBook lines, but could exist in other machines. The company also delivers audio drivers for Dell, Lenovo, and Asus machines although at this point it's not certain they feature the same audio driver.
The firm says the following HP products are affected, however:
- HP EliteBook 820 G3 Notebook PC
- HP EliteBook 828 G3 Notebook PC
- HP EliteBook 840 G3 Notebook PC
- HP EliteBook 848 G3 Notebook PC
- HP EliteBook 850 G3 Notebook PC
- HP ProBook 640 G2 Notebook PC
- HP ProBook 650 G2 Notebook PC
- HP ProBook 645 G2 Notebook PC
- HP ProBook 655 G2 Notebook PC
- HP ProBook 450 G3 Notebook PC
- HP ProBook 430 G3 Notebook PC
- HP ProBook 440 G3 Notebook PC
- HP ProBook 446 G3 Notebook PC
- HP ProBook 470 G3 Notebook PC
- HP ProBook 455 G3 Notebook PC
- HP EliteBook 725 G3 Notebook PC
- HP EliteBook 745 G3 Notebook PC
- HP EliteBook 755 G3 Notebook PC
- HP EliteBook 1030 G1 Notebook PC
- HP ZBook 15u G3 Mobile Workstation
- HP Elite x2 1012 G1 Tablet
- HP Elite x2 1012 G1 with Travel Keyboard
- HP Elite x2 1012 G1 Advanced Keyboard
- HP EliteBook Folio 1040 G3 Notebook PC
- HP ZBook 17 G3 Mobile Workstation
- HP ZBook 15 G3 Mobile Workstation
- HP ZBook Studio G3 Mobile Workstation
- HP EliteBook Folio G1 Notebook PC
Other coverage:
Ars Technica.
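An added example, not from the article or from Modzero: a PowerShell check an administrator could run on a single host for the indicators named above (the MicTray64.exe version range, the C:\Users\Public\MicTray.log file, and a task that launches the binary at login). The search root and the match on "MicTray" in task actions are assumptions, since the article gives neither the install path nor the task name.

```powershell
# Added example: host check for the MicTray64.exe indicators described in the article.
param(
    [string]$SearchRoot = $env:SystemRoot,               # assumption: article gives no install path
    [string]$LogPath    = 'C:\Users\Public\MicTray.log'  # path given in the article
)

$first = [version]'1.0.0.31'   # first affected version per the article
$last  = [version]'1.0.0.46'   # last version known to be affected per the article

# Find every copy of the binary and compare its numeric file version to the range.
$binaries = Get-ChildItem -Path $SearchRoot -Filter 'MicTray64.exe' -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $vi = $_.VersionInfo
        # Build the version from the numeric parts; the FileVersion string can be oddly formatted.
        $v  = [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                             $vi.FileBuildPart, $vi.FilePrivatePart)
        [pscustomobject]@{
            Path     = $_.FullName
            Version  = $v
            Affected = ($v -ge $first -and $v -le $last)
        }
    }

# Report only metadata for the log. Its contents may hold typed passwords,
# so this script never reads or prints them.
$log = Get-Item -LiteralPath $LogPath -ErrorAction SilentlyContinue

# Look for scheduled tasks whose action launches the binary (the article says it
# is registered as a scheduled task that runs after each user login).
$tasks = Get-ScheduledTask -ErrorAction SilentlyContinue |
    Where-Object { $_.Actions | Where-Object { $_.Execute -like '*MicTray*' } } |
    Select-Object TaskPath, TaskName

[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    Binaries        = $binaries
    AnyAffected     = [bool]($binaries | Where-Object { $_.Affected })
    LogPresent      = [bool]$log
    LogBytes        = if ($log) { $log.Length } else { 0 }
    LogLastWritten  = if ($log) { $log.LastWriteTime } else { $null }
    LaunchingTasks  = $tasks
}
```

Because the article also says keystrokes can go out through OutputDebugString, a missing log file does not clear a host; the version check is the deciding result.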
(Score: 2) by c0lo on Saturday May 13, @12:51AM (1 child)
Time-to-market and "good enough software" will do that for ya!
Because, you see, lately software is a commodity, not a product of engineering.
(Score: 0) by Anonymous Coward on Saturday May 13, @01:07AM
No time to compile a release build! Ship the debug build!
(Score: 2) by drussell on Saturday May 13, @12:55AM (1 child)
:facepalm:
That's all I can say....
(Score: 0) by Anonymous Coward on Saturday May 13, @01:05AM
At my high school we pranked the teacher by installing a keylogger on his laptop and then we laughed at his stupid passwords. The high school I went to, they asked a kid to prove the law of gravity, he threw the teacher out the window.
(Score: 0) by Anonymous Coward on Saturday May 13, @12:57AM
This is what happens when you fire all the Devs and replace them with DevOps who can only think in terms of logging everything into the big data cloud for social data mining. Except in this case the log is a local file. Or is it? Did anyone check for network activity, hmm?
