Security researchers at Modzero have discovered software that comes pre-loaded on some HP laptops which saves a copy of everything you type in a plain text file. The good news is that the software doesn’t appear to have been designed specifically to spy on you or send your data to anyone. The bad news is that it’s still a huge security flaw that could make your data vulnerable… and it could have been easily avoided.

HP has yet to respond to the situation, but it’s relatively easy to disable the software on your own. It just might lead to a few features not working properly.

Update: HP tells Axios it’s released a fix for 2016 model computers via Windows Update today, and promises a fix for 2015 laptops is coming soon. The keylogger was apparently debugging code that was never supposed to have been included in the shipping version of the software. 

Original article continues below:

So here’s the deal: you know how a lot of laptops have media keys that let you do things like play or pause music or video files by pressing a specific key or combination of keys? Some HP computers have an application called MicTray which monitors your keystrokes specifically to enable that function.

The problem is that it doesn’t just monitor the times you press the media keys on your keyboard. It keeps track of everything you type… including usernames, passwords, bank account numbers, and other sensitive data.

All of that is stored in a plain text file called MicTray.log. Laptop Magazine notes that the file doesn’t actually show a transcript of every word you type, but instead includes a list of keystrokes that say something like Mic target 0x1 scancode 0x1e flags 0x0 extra 0x0 vk 0x41 (which means you typed the letter “a.”

But since the data is not encrypted, anyone who obtains the file and knows how to read it would be able to access sensitive data you’ve typed.

The file is erased automatically every time you reboot your computer or login as a different user. But if you’re the sort of person that uses sleep more often than shut down or reboot, that file might include an awful lot of sensitive data. And as Modzero points out in its blog post on the topic, if you use an online backup solution, that plain-text file might be sent over the internet, where it’s sitting on a remote server.

It’s not clear if it was HP or Conexant, the developer of the audio driver on these computer that made the decision to log every keystroke without at least encrypting or obfuscating the data in some way.

But Modzero notes that you can check to see if your PC is affected by looking to see if there’s a file at C:\Users|Public\MicTray.log. And you can disable the feature by deleting or renaming either C:\Windows\System32\MicTray64.exe or C:\Windows\System32\MicTray.exe, depending on which is installed on your computer.

With the application disabled, media playback controls may not work properly.

You can find more details, plus a list of PCs that are known to be affected at Modzero’s website, but here are a few affected models:

  • HP EliteBook 700 and 800 series G3 notebooks
  • HP ProBok 600 series G2 notebooks
  • HP ProBook 400 series G3 notebooks
  • HP Elite x2 1012 G1 2-in-1 tablet
  • HP ZBook 15u, 15, 17, and Studio  G3 mobile workstations
  • HP EliteBook Folio G1 notebook

via PC World

Support Liliputing

Liliputing's primary sources of revenue are advertising and affiliate links (if you click the "Shop" button at the top of the page and buy something on Amazon, for example, we'll get a small commission).

But there are several ways you can support the site directly even if you're using an ad blocker* and hate online shopping.

Contribute to our Patreon campaign


Contribute via PayPal

* If you are using an ad blocker like uBlock Origin and seeing a pop-up message at the bottom of the screen, we have a guide that may help you disable it.

Subscribe to Liliputing via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 9,452 other subscribers

6 replies on “Some HP computers might be logging your every keystroke… in plain text”

  1. My HP laptop came with 2gb RAM, a 5400 RPM 500gb hard drive and Windows 10. It was so slow, it was almost unusable. I tried everything to speed up the factory install, but no luck. I’m sure the key logger was adding to the slowness. So, I upgraded the RAM to 16gb, swapped out the hard drive for an SSD and installed Linux. Now it runs WAY faster, without Windows 10!

  2. Thanks for the heads up. My week old EliteDesk 800 mini G3 had this software yesterday. Today it has no HP software. My Spectre X360 from last year did not have it. I guess it wasn’t important enough to key log. As I was making my transition from Macs, I did not even consider Lenovo due to some of their indiscretions a few years ago. Looks like HP may make that list as well. Even if this is sloppiness, it does not reflect well on their commitment to provide a quality experience.

  3. My HP Spectre x2 12 has this log file, but it’s empty as far as I can tell. Thanks for the heads up Brad.

  4. That’s amazing. It’s hard to imagine this getting through such a large builder and nobody along the line saying, “Hey…”

    1. Quite a few large manufacturers still lack a “security first, endconsumer first” culture. Among them, Sony (malware on music CDs destroying optical drives) and Lenovo (powerful Sailfish malware) also failed terribly. Even one responsible, competent person in every company would be enough to prevent such worst incidents. However, short-sighted shareholder interest cuts every “superfluous” worker. Hardware works regardless of whether it is secure, so dropping security is financially attractive if the company does not look ahead beyond a possible scandal. Furthermore, too few endconsumers care. After Sailfish, Lenovo increased its sales. There is only one way that companies learn (or vanish): do not buy their products. We will see the next case in some company’s products soon because endconsumers do not punish the companies for missing security. Yet. When hackers will exploit some such mistake sincerely, endconsumers might learn some time. So far, only Iran has learned because it was seriously hit.

      1. I agree with a lot of what you said. Many manufacturers are careless with customer security until they get caught. Sometimes it’s just an oversight, sometimes it was poor judgement, in rare cases it was intended to be malicious. I think this was just an oversight with HP since the file gets deleted with every restart, but it still speaks of a culture where products are pushed out before all the bugs are fixed. It is unfortunate that there are little repercussions for blunders. Humans are resistant to change, even when it’s in their best interests, and that includes buying habits. I just read an article on that last night on a different topic (that I’m not going to mention since I don’t want to drag it into the discussion here).
        Just a note: Superfish was the Lenovo malware, Sailfish an operating system.

Comments are closed.