Security researchers at Modzero have discovered software that comes pre-loaded on some HP laptops which saves a copy of everything you type in a plain text file. The good news is that the software doesn’t appear to have been designed specifically to spy on you or send your data to anyone. The bad news is that it’s still a huge security flaw that could make your data vulnerable… and it could have been easily avoided.
HP has yet to respond to the situation, but it’s relatively easy to disable the software on your own. It just might lead to a few features not working properly.
Update: HP tells Axios it’s released a fix for 2016 model computers via Windows Update today, and promises a fix for 2015 laptops is coming soon. The keylogger was apparently debugging code that was never supposed to have been included in the shipping version of the software.
Original article continues below:
So here’s the deal: you know how a lot of laptops have media keys that let you do things like play or pause music or video files by pressing a specific key or combination of keys? Some HP computers have an application called MicTray which monitors your keystrokes specifically to enable that function.
The problem is that it doesn’t just monitor the times you press the media keys on your keyboard. It keeps track of everything you type… including usernames, passwords, bank account numbers, and other sensitive data.
All of that is stored in a plain text file called MicTray.log. Laptop Magazine notes that the file doesn’t actually show a transcript of every word you type, but instead includes a list of keystrokes that say something like Mic target 0x1 scancode 0x1e flags 0x0 extra 0x0 vk 0x41 (which means you typed the letter “a.”
But since the data is not encrypted, anyone who obtains the file and knows how to read it would be able to access sensitive data you’ve typed.
The file is erased automatically every time you reboot your computer or login as a different user. But if you’re the sort of person that uses sleep more often than shut down or reboot, that file might include an awful lot of sensitive data. And as Modzero points out in its blog post on the topic, if you use an online backup solution, that plain-text file might be sent over the internet, where it’s sitting on a remote server.
It’s not clear if it was HP or Conexant, the developer of the audio driver on these computer that made the decision to log every keystroke without at least encrypting or obfuscating the data in some way.
But Modzero notes that you can check to see if your PC is affected by looking to see if there’s a file at C:\Users|Public\MicTray.log. And you can disable the feature by deleting or renaming either C:\Windows\System32\MicTray64.exe or C:\Windows\System32\MicTray.exe, depending on which is installed on your computer.
With the application disabled, media playback controls may not work properly.
You can find more details, plus a list of PCs that are known to be affected at Modzero’s website, but here are a few affected models:
- HP EliteBook 700 and 800 series G3 notebooks
- HP ProBok 600 series G2 notebooks
- HP ProBook 400 series G3 notebooks
- HP Elite x2 1012 G1 2-in-1 tablet
- HP ZBook 15u, 15, 17, and Studio G3 mobile workstations
- HP EliteBook Folio G1 notebook
via PC World