HP Laptops Found with Keylogger Built Into Audio Driver
-
@momurda It would take about a single day for the average computer to brute force that password.
-
@momurda Not right now. I may play around with it tonight. Comodo has a crazy task manager that I'll run on it tonight
-
@momurda said in HP Laptops Found with Keylogger Built Into Audio Driver:
But since football is in the dictionary it is likely much easier if your algorithm does dictionary before trying random strings. Either way, it is much easier to do if youre recording keystrokes.
Yep, dictionary word = not even bothering with brute forcing.
-
@DustinB3403 said in HP Laptops Found with Keylogger Built Into Audio Driver:
@momurda It would take about a single day for the average computer to brute force that password.
What if the authentication back-end implemented a lockout or throttling policy? Like after X attempts the account is locked out and/or authentication responses are delayed by X time?
-
@anthonyh said in HP Laptops Found with Keylogger Built Into Audio Driver:
@DustinB3403 said in HP Laptops Found with Keylogger Built Into Audio Driver:
@momurda It would take about a single day for the average computer to brute force that password.
What if the authentication back-end implemented a lockout or throttling policy? Like after X attempts the account is locked out and/or authentication responses are delayed by X time?
That's great so long as it's not an offline attack. IE: Do you know who's seen your salt?
-
@travisdh1 said in HP Laptops Found with Keylogger Built Into Audio Driver:
@anthonyh said in HP Laptops Found with Keylogger Built Into Audio Driver:
@DustinB3403 said in HP Laptops Found with Keylogger Built Into Audio Driver:
@momurda It would take about a single day for the average computer to brute force that password.
What if the authentication back-end implemented a lockout or throttling policy? Like after X attempts the account is locked out and/or authentication responses are delayed by X time?
That's great so long as it's not an offline attack. IE: Do you know who's seen your salt?
That makes sense.
-
Last night, I fired up KillSwitch (Comodo Task Manager on Steroids), killed the process - MicTray_64.exe (can't really remember) and the log file was released for editing / viewing.
Sneaky. -
-
So I have a Spectre 360 and it has the MicTray64.exe, associated process, and the logfile in C:\Users\Public\MicTray.log. The log file is zero bytes though and appears to be empty. I'm wondering if it isn't logging, or if the list of affected machines is longer than officially announced.
-
@Kelly said in HP Laptops Found with Keylogger Built Into Audio Driver:
So I have a Spectre 360 and it has the MicTray64.exe, associated process, and the logfile in C:\Users\Public\MicTray.log. The log file is zero bytes though and appears to be empty. I'm wondering if it isn't logging, or if the list of affected machines is longer than officially announced.
The driver is Conexant via whomever it's hardware ends up on.
-
@scotth said in HP Laptops Found with Keylogger Built Into Audio Driver:
@Kelly said in HP Laptops Found with Keylogger Built Into Audio Driver:
So I have a Spectre 360 and it has the MicTray64.exe, associated process, and the logfile in C:\Users\Public\MicTray.log. The log file is zero bytes though and appears to be empty. I'm wondering if it isn't logging, or if the list of affected machines is longer than officially announced.
The driver is Conexant via whomever it's hardware ends up on.
Does that mean that other vendors might have this too? I mean, it might, that we know. But why has only HP been discovered thus far? Is it an HP version of the driver? Is it HP unique hardware?
-
@StrongBad said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scotth said in HP Laptops Found with Keylogger Built Into Audio Driver:
@Kelly said in HP Laptops Found with Keylogger Built Into Audio Driver:
So I have a Spectre 360 and it has the MicTray64.exe, associated process, and the logfile in C:\Users\Public\MicTray.log. The log file is zero bytes though and appears to be empty. I'm wondering if it isn't logging, or if the list of affected machines is longer than officially announced.
The driver is Conexant via whomever it's hardware ends up on.
Does that mean that other vendors might have this too? I mean, it might, that we know. But why has only HP been discovered thus far? Is it an HP version of the driver? Is it HP unique hardware?
In all honesty, I don't know. But I wouldn't be surprised if it ended up on a bunch of OEM branded equipment. I'm guessing that HP's just got found out 1st.
-
I'm surprised that every vendor isn't being checked, it could be everywhere, in theory.
-
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
I'm surprised that every vendor isn't being checked, it could be everywhere, in theory.
Agreed. I can't imagine this is limited to only HP. They aren't the only ones using Conexant for audio.
-
@anthonyh said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
I'm surprised that every vendor isn't being checked, it could be everywhere, in theory.
Agreed. I can't imagine this is limited to only HP. They aren't the only ones using Conexant for audio.
Right so.... who else is affected?
-
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
@anthonyh said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
I'm surprised that every vendor isn't being checked, it could be everywhere, in theory.
Agreed. I can't imagine this is limited to only HP. They aren't the only ones using Conexant for audio.
Right so.... who else is affected?
It might be limited to that set. I have stopped the mictray.exe service, deleted the log file referenced, and restarted it. The log file is still empty.
-
@Kelly said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
@anthonyh said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
I'm surprised that every vendor isn't being checked, it could be everywhere, in theory.
Agreed. I can't imagine this is limited to only HP. They aren't the only ones using Conexant for audio.
Right so.... who else is affected?
It might be limited to that set. I have stopped the mictray.exe service, deleted the log file referenced, and restarted it. The log file is still empty.
Did it re-create the log file? Even if nothing is in it, that doesn't inspire confidence in the patch!
-
@travisdh1 said in HP Laptops Found with Keylogger Built Into Audio Driver:
@Kelly said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
@anthonyh said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
I'm surprised that every vendor isn't being checked, it could be everywhere, in theory.
Agreed. I can't imagine this is limited to only HP. They aren't the only ones using Conexant for audio.
Right so.... who else is affected?
It might be limited to that set. I have stopped the mictray.exe service, deleted the log file referenced, and restarted it. The log file is still empty.
Did it re-create the log file? Even if nothing is in it, that doesn't inspire confidence in the patch!
A blank log file today could be used to reduce suspicion of a full one tomorrow.
-
The prior log file was blank with an edit date of 1/16/17.
-
So looks like HP released a patch for this https://www.bleepingcomputer.com/news/hardware/hp-releases-driver-update-to-remove-accidental-keylogger/
So most vendors have something on their machine, previously Lenovo, now HP. Getting any machines from a vendor, first thing should be wipe it and install a pre tested, custom build, hope that solves all such issues and guess most companies are already doing it