Conexant HD Audio Driver in HP laptops contains a Keylogger; Fix available

Some HP laptops are reportedly monitoring and logging all your keystrokes, warns security searchers. The report states that an audio driver installed in the HP laptops comes with a ‘built-in keylogger’ which records all your keystrokes and stores it in an unencrypted log file. So, anyone having an access to your PC can now get your passwords, messages or other data using this log file.Conexant HD Audio Driver in HP laptops

Modzero, a Switzerland-based security consulting firm posted in a report that the Conexant HD Audio Driver version 1.0.0.46 of various HP laptop models allowed keylogging.

The file in question MicTray64.exe, is an executable file of the pre-installed audio driver that responds whenever you press a key and record it in a log file on the hard drive on your PC. The log file is overwritten every time you log in to your PC and press any key.

This bug reportedly has been in the HP laptops for more than a year but was never noticed or reported – however, it is an unintended glitch. The code for this functionality appears to have been included by mistake.

Modzero writes,

“This type of debugging turns the audio driver effectively into keylogging spyware. On the basis of meta-information of the files, this keylogger has already existed on HP computers since at least Christmas 2015.”

Below is the list of HP laptop models that come with Conexant drivers are affected-

  • HP EliteBook 820 G3 Notebook PC, 828 G3, 840 G3, 848 G3, and 850 G3 Notebook PC
  • HP ProBook 640 G2, 650 G2, 645 G2, 655 G2, 450 G3, 430 G3, 440 G3, 446 G3, 470 G3, and 455 G3 Notebook PC
  • HP EliteBook 725 G3 Notebook PC, 745 G3, 755 G3, and 1030 G1 Notebook PC
  • HP ZBook 15u G3 Mobile Workstation, 17 G3 Mobile Workstation, 15 G3 Mobile Workstation, and HP ZBook Studio G3 Mobile Workstation.
  • HP Elite x2 1012 G1 Tablet, HP Elite x2 1012 G1 with Travel Keyboard, HP Elite x2 1012 G1 Advanced Keyboard
  • HP EliteBook Folio 1040 G3 Notebook PC and Folio G1 Notebook PC

To see if you are affected you may open C:\Windows\System32 and check the version of MicTray64.exe or MicTray.exe if it exists.

Talking about the bug, an HP spokesperson said,

HP is committed to the security and privacy of its customers and we are aware of the keylogger issue on select HP PCs. HP has no access to customer data as a result of this issue.

HP has released the patches which remove the keylogger as well as delete the log file storing the keystrokes. The fix is available on Windows Update and HP.com for 2016 and later affected HP models. For earlier models, it will be pushed out on Friday.

A Reddit user _My_Angry_Account_ has also suggested a tweak to the following Registry key that can help affected HP laptop users circumvent this bug.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\currentversion\image file execution options

You can get the details here.

Posted by with Tags

Shiwangi Peswani is a qualified writer and a blogger, who loves to dabble with and write about computers and the Internet. While focusing on and writing on technology topics, her varied skills and experience enables her to write on any topics which may interest her.