Posted on Friday, May 12 2017 @ 12:27 CEST by Thomas De Maesschalck
The good news is the data isn't uploaded to the internet and that the file gets wiped after each computer reboot. But there's still reason for concern as this is a major security risk for shared computers and it's also a method of how malware could steal personal information without performing suspicious activities that may trigger anti-virus heuristics.
"This type of debugging turns the audio driver effectively into keylogging spyware," modzero researchers wrote. "On the basis of meta-information of the files, this keylogger has already existed on HP computers since at least Christmas 2015."HP laptop with this piece of software have shipped since at least late 2015 and include the EliteBook, ProBook, ZBook and Elite lineups. Computers from other vendors that use Conexant drivers may also be at risk.
The log file—located at C:UsersPublicMicTray.log—is overwritten after each computer reboot, but there are several ways that the contents could survive for weeks, or even indefinitely. Forensic tools make restoring deleted or overwritten files easy. And in the event the computer is backed up regularly, the backups would contain a comprehensive history of everything that was typed on the keyboard—including passwords, e-mails, and contacts. Modzero researchers said they issued the public advisory after both HP and Conexant failed to respond to messages privately reporting the findings.
People can check to see if their HP computer is at risk by searching for the files C:WindowsSystem32MicTray.exe or C:WindowsSystem32MicTray64.exe.At the moment there's no patch. As a temporary fix, you can delete or rename these files but this may break some functionality like causing special function keys for audio to stop working.
Via: ARS Technica
