The Swiss company Modzero, which specializes in computer security, has just reported the presence of a keylogger (software that records everything typed on the keyboard, whether or not it is displayed on the screen) installed by default on many Hewlett-Packard PCs sold since the end of 2015.
The keylogger was built into an executable belonging to a sound card driver for the affected models (EliteBook, ProBook and some ZBooks). It was launched each time Windows started, because it was contained in the “MicTray64.exe” file, which was itself registered in the scheduled tasks of the OS. Even if there was no malicious intent on the part of HP or its subcontractors, this is a major security flaw, one that the manufacturer fortunately hastened to correct.
The “MicTray64.exe” executable, which is tied to the “Conexant HD” driver (the driver that makes specific keys, such as the volume controls, work correctly), was loaded at each start-up to carry out diagnostics. However, instead of watching only those keys, the software monitored the entire keyboard and created a text file named “MicTray.log” each time Windows was started.
A very useful text file for potential hackers
Although it was automatically deleted each time a new session was opened, the content of “MicTray.log” remained accessible, because it was always still present somewhere on the hard drive (or SSD) of the affected PC.
Any motivated attacker able to recover deleted content only had to retrieve it. Everything that had been typed on the PC during the last sessions was then accessible, including any usernames and passwords.
Only a few hours after Modzero disclosed this security flaw, the president of HP told the American site ZDnet that a patch was available via Windows Update, as well as on the official HP site.
The executive also added that this keylogger had been “integrated by mistake into the source code of the driver, and that it was not intended to be deployed on end user terminals”.
Here is the list of PCs affected by this flaw:
- HP EliteBook 820 G3 Notebook PC
- HP EliteBook 828 G3 Notebook PC
- HP EliteBook 840 G3 Notebook PC
- HP EliteBook 848 G3 Notebook PC
- HP EliteBook 850 G3 Notebook PC
- HP ProBook 640 G2 Notebook PC
- HP ProBook 650 G2 Notebook PC
- HP ProBook 645 G2 Notebook PC
- HP ProBook 655 G2 Notebook PC
- HP ProBook 450 G3 Notebook PC
- HP ProBook 430 G3 Notebook PC
- HP ProBook 440 G3 Notebook PC
- HP ProBook 446 G3 Notebook PC
- HP ProBook 470 G3 Notebook PC
- HP ProBook 455 G3 Notebook PC
- HP EliteBook 725 G3 Notebook PC
- HP EliteBook 745 G3 Notebook PC
- HP EliteBook 755 G3 Notebook PC
- HP EliteBook 1030 G1 Notebook PC
- HP ZBook 15u G3 Mobile Workstation
- HP Elite x2 1012 G1 Tablet
- HP Elite x2 1012 G1 with Travel Keyboard
- HP Elite x2 1012 G1 Advanced Keyboard
- HP EliteBook Folio 1040 G3 Notebook PC
- HP ZBook 17 G3 Mobile Workstation
- HP ZBook 15 G3 Mobile Workstation
- HP ZBook Studio G3 Mobile Workstation
- HP EliteBook Folio G1 Notebook PC
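
An audit for the artifacts named above, as an added example that is not code from Modzero, HP or the original article: it reports whether the machine's model falls in one of the listed product families, whether a scheduled task launches “MicTray64.exe”, and whether “MicTray64.exe” or “MicTray.log” exists on disk. The function name and the default search root (the whole system drive, since the article gives no path) are assumptions.

```powershell
# Added example, not HP or Modzero code. File names come from the article;
# the function name and the default search root are assumptions.
function Get-MicTrayExposure {
    param(
        # Assumption: search the whole system drive, because the article gives no path.
        [string[]]$SearchRoot = @("$env:SystemDrive\")
    )
    $exeName = 'MicTray64.exe'
    $logName = 'MicTray.log'
    # Product families taken from the article's list; this is a coarse match,
    # so compare the reported model against the exact list before concluding.
    $families = 'EliteBook|ProBook|ZBook|Elite x2'

    $model = (Get-CimInstance -ClassName Win32_ComputerSystem).Model

    # Scheduled tasks whose action launches the executable at start-up.
    $tasks = Get-ScheduledTask -ErrorAction SilentlyContinue | Where-Object {
        $_.Actions | Where-Object { $_.Execute -like "*$exeName*" }
    }

    # Executable and log file on disk. Only metadata is reported: the log may
    # hold typed credentials, so its content is never read or printed.
    $files = foreach ($root in $SearchRoot) {
        Get-ChildItem -Path $root -Include $exeName, $logName -File -Recurse -Force -ErrorAction SilentlyContinue |
            Select-Object FullName, Length, LastWriteTime
    }

    [pscustomobject]@{
        Model          = $model
        ModelInFamily  = $model -match $families
        TaskNames      = @($tasks | ForEach-Object { $_.TaskPath + $_.TaskName })
        ProcessRunning = [bool](Get-Process -Name 'MicTray64' -ErrorAction SilentlyContinue)
        Files          = @($files)
        NeedsAttention = [bool]($tasks -or $files)
    }
}

Get-MicTrayExposure | Format-List
```

Run it from an elevated prompt so the recursive search can read protected directories.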