ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    HP Laptops Found with Keylogger Built Into Audio Driver

    Scheduled Pinned Locked Moved News
    hplaptopsecuritykeyloggerbleeping computer
    64 Posts 16 Posters 13.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • anthonyhA
      anthonyh @DustinB3403
      last edited by

      @DustinB3403 said in HP Laptops Found with Keylogger Built Into Audio Driver:

      @momurda It would take about a single day for the average computer to brute force that password.

      What if the authentication back-end implemented a lockout or throttling policy? Like after X attempts the account is locked out and/or authentication responses are delayed by X time?

      travisdh1T 1 Reply Last reply Reply Quote 0
      • travisdh1T
        travisdh1 @anthonyh
        last edited by

        @anthonyh said in HP Laptops Found with Keylogger Built Into Audio Driver:

        @DustinB3403 said in HP Laptops Found with Keylogger Built Into Audio Driver:

        @momurda It would take about a single day for the average computer to brute force that password.

        What if the authentication back-end implemented a lockout or throttling policy? Like after X attempts the account is locked out and/or authentication responses are delayed by X time?

        That's great so long as it's not an offline attack. IE: Do you know who's seen your salt?

        anthonyhA 1 Reply Last reply Reply Quote 0
        • anthonyhA
          anthonyh @travisdh1
          last edited by

          @travisdh1 said in HP Laptops Found with Keylogger Built Into Audio Driver:

          @anthonyh said in HP Laptops Found with Keylogger Built Into Audio Driver:

          @DustinB3403 said in HP Laptops Found with Keylogger Built Into Audio Driver:

          @momurda It would take about a single day for the average computer to brute force that password.

          What if the authentication back-end implemented a lockout or throttling policy? Like after X attempts the account is locked out and/or authentication responses are delayed by X time?

          That's great so long as it's not an offline attack. IE: Do you know who's seen your salt?

          That makes sense.

          1 Reply Last reply Reply Quote 0
          • S
            scotth
            last edited by

            Last night, I fired up KillSwitch (Comodo Task Manager on Steroids), killed the process - MicTray_64.exe (can't really remember) and the log file was released for editing / viewing.
            Sneaky.

            1 Reply Last reply Reply Quote 1
            • S
              scotth
              last edited by

              https://www.axios.com/hp-says-it-has-a-fix-for-flaw-that-caused-some-pcs-to-log-every-keystr-2403751321.html
              Spiceworks - Spark

              1 Reply Last reply Reply Quote 1
              • KellyK
                Kelly
                last edited by

                So I have a Spectre 360 and it has the MicTray64.exe, associated process, and the logfile in C:\Users\Public\MicTray.log. The log file is zero bytes though and appears to be empty. I'm wondering if it isn't logging, or if the list of affected machines is longer than officially announced.

                S 1 Reply Last reply Reply Quote 0
                • S
                  scotth @Kelly
                  last edited by

                  @Kelly said in HP Laptops Found with Keylogger Built Into Audio Driver:

                  So I have a Spectre 360 and it has the MicTray64.exe, associated process, and the logfile in C:\Users\Public\MicTray.log. The log file is zero bytes though and appears to be empty. I'm wondering if it isn't logging, or if the list of affected machines is longer than officially announced.

                  The driver is Conexant via whomever it's hardware ends up on.

                  StrongBadS 1 Reply Last reply Reply Quote 0
                  • StrongBadS
                    StrongBad @scotth
                    last edited by

                    @scotth said in HP Laptops Found with Keylogger Built Into Audio Driver:

                    @Kelly said in HP Laptops Found with Keylogger Built Into Audio Driver:

                    So I have a Spectre 360 and it has the MicTray64.exe, associated process, and the logfile in C:\Users\Public\MicTray.log. The log file is zero bytes though and appears to be empty. I'm wondering if it isn't logging, or if the list of affected machines is longer than officially announced.

                    The driver is Conexant via whomever it's hardware ends up on.

                    Does that mean that other vendors might have this too? I mean, it might, that we know. But why has only HP been discovered thus far? Is it an HP version of the driver? Is it HP unique hardware?

                    S 1 Reply Last reply Reply Quote 1
                    • S
                      scotth @StrongBad
                      last edited by

                      @StrongBad said in HP Laptops Found with Keylogger Built Into Audio Driver:

                      @scotth said in HP Laptops Found with Keylogger Built Into Audio Driver:

                      @Kelly said in HP Laptops Found with Keylogger Built Into Audio Driver:

                      So I have a Spectre 360 and it has the MicTray64.exe, associated process, and the logfile in C:\Users\Public\MicTray.log. The log file is zero bytes though and appears to be empty. I'm wondering if it isn't logging, or if the list of affected machines is longer than officially announced.

                      The driver is Conexant via whomever it's hardware ends up on.

                      Does that mean that other vendors might have this too? I mean, it might, that we know. But why has only HP been discovered thus far? Is it an HP version of the driver? Is it HP unique hardware?

                      In all honesty, I don't know. But I wouldn't be surprised if it ended up on a bunch of OEM branded equipment. I'm guessing that HP's just got found out 1st.

                      1 Reply Last reply Reply Quote 2
                      • scottalanmillerS
                        scottalanmiller
                        last edited by

                        I'm surprised that every vendor isn't being checked, it could be everywhere, in theory.

                        anthonyhA 1 Reply Last reply Reply Quote 3
                        • anthonyhA
                          anthonyh @scottalanmiller
                          last edited by

                          @scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:

                          I'm surprised that every vendor isn't being checked, it could be everywhere, in theory.

                          Agreed. I can't imagine this is limited to only HP. They aren't the only ones using Conexant for audio.

                          scottalanmillerS 1 Reply Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller @anthonyh
                            last edited by

                            @anthonyh said in HP Laptops Found with Keylogger Built Into Audio Driver:

                            @scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:

                            I'm surprised that every vendor isn't being checked, it could be everywhere, in theory.

                            Agreed. I can't imagine this is limited to only HP. They aren't the only ones using Conexant for audio.

                            Right so.... who else is affected?

                            KellyK 1 Reply Last reply Reply Quote 0
                            • KellyK
                              Kelly @scottalanmiller
                              last edited by

                              @scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:

                              @anthonyh said in HP Laptops Found with Keylogger Built Into Audio Driver:

                              @scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:

                              I'm surprised that every vendor isn't being checked, it could be everywhere, in theory.

                              Agreed. I can't imagine this is limited to only HP. They aren't the only ones using Conexant for audio.

                              Right so.... who else is affected?

                              It might be limited to that set. I have stopped the mictray.exe service, deleted the log file referenced, and restarted it. The log file is still empty.

                              travisdh1T 1 Reply Last reply Reply Quote 0
                              • travisdh1T
                                travisdh1 @Kelly
                                last edited by

                                @Kelly said in HP Laptops Found with Keylogger Built Into Audio Driver:

                                @scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:

                                @anthonyh said in HP Laptops Found with Keylogger Built Into Audio Driver:

                                @scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:

                                I'm surprised that every vendor isn't being checked, it could be everywhere, in theory.

                                Agreed. I can't imagine this is limited to only HP. They aren't the only ones using Conexant for audio.

                                Right so.... who else is affected?

                                It might be limited to that set. I have stopped the mictray.exe service, deleted the log file referenced, and restarted it. The log file is still empty.

                                Did it re-create the log file? Even if nothing is in it, that doesn't inspire confidence in the patch!

                                scottalanmillerS 1 Reply Last reply Reply Quote 0
                                • scottalanmillerS
                                  scottalanmiller @travisdh1
                                  last edited by

                                  @travisdh1 said in HP Laptops Found with Keylogger Built Into Audio Driver:

                                  @Kelly said in HP Laptops Found with Keylogger Built Into Audio Driver:

                                  @scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:

                                  @anthonyh said in HP Laptops Found with Keylogger Built Into Audio Driver:

                                  @scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:

                                  I'm surprised that every vendor isn't being checked, it could be everywhere, in theory.

                                  Agreed. I can't imagine this is limited to only HP. They aren't the only ones using Conexant for audio.

                                  Right so.... who else is affected?

                                  It might be limited to that set. I have stopped the mictray.exe service, deleted the log file referenced, and restarted it. The log file is still empty.

                                  Did it re-create the log file? Even if nothing is in it, that doesn't inspire confidence in the patch!

                                  A blank log file today could be used to reduce suspicion of a full one tomorrow.

                                  1 Reply Last reply Reply Quote 1
                                  • KellyK
                                    Kelly
                                    last edited by

                                    The prior log file was blank with an edit date of 1/16/17.

                                    1 Reply Last reply Reply Quote 0
                                    • AmbarishrhA
                                      Ambarishrh
                                      last edited by

                                      So looks like HP released a patch for this https://www.bleepingcomputer.com/news/hardware/hp-releases-driver-update-to-remove-accidental-keylogger/

                                      So most vendors have something on their machine, previously Lenovo, now HP. Getting any machines from a vendor, first thing should be wipe it and install a pre tested, custom build, hope that solves all such issues and guess most companies are already doing it

                                      mlnewsM travisdh1T 2 Replies Last reply Reply Quote 0
                                      • mlnewsM
                                        mlnews @Ambarishrh
                                        last edited by

                                        @Ambarishrh said in HP Laptops Found with Keylogger Built Into Audio Driver:

                                        So looks like HP released a patch for this https://www.bleepingcomputer.com/news/hardware/hp-releases-driver-update-to-remove-accidental-keylogger/

                                        So most vendors have something on their machine, previously Lenovo, now HP. Getting any machines from a vendor, first thing should be wipe it and install a pre tested, custom build, hope that solves all such issues and guess most companies are already doing it

                                        Does not with Lenovo. HP yes in this case. Only works if the issue is software that only comes preloaded.

                                        1 Reply Last reply Reply Quote 0
                                        • travisdh1T
                                          travisdh1 @Ambarishrh
                                          last edited by

                                          @Ambarishrh said in HP Laptops Found with Keylogger Built Into Audio Driver:

                                          So looks like HP released a patch for this https://www.bleepingcomputer.com/news/hardware/hp-releases-driver-update-to-remove-accidental-keylogger/

                                          So most vendors have something on their machine, previously Lenovo, now HP. Getting any machines from a vendor, first thing should be wipe it and install a pre tested, custom build, hope that solves all such issues and guess most companies are already doing it

                                          The problem is that they've taken to adding the stuff you don't want into system drivers. Issue a travelling worker a laptop without sound working? Good luck with that!

                                          StrongBadS 1 Reply Last reply Reply Quote 1
                                          • StrongBadS
                                            StrongBad @travisdh1
                                            last edited by

                                            @travisdh1 said in HP Laptops Found with Keylogger Built Into Audio Driver:

                                            @Ambarishrh said in HP Laptops Found with Keylogger Built Into Audio Driver:

                                            So looks like HP released a patch for this https://www.bleepingcomputer.com/news/hardware/hp-releases-driver-update-to-remove-accidental-keylogger/

                                            So most vendors have something on their machine, previously Lenovo, now HP. Getting any machines from a vendor, first thing should be wipe it and install a pre tested, custom build, hope that solves all such issues and guess most companies are already doing it

                                            The problem is that they've taken to adding the stuff you don't want into system drivers. Issue a travelling worker a laptop without sound working? Good luck with that!

                                            Or into the BIOS!

                                            1 Reply Last reply Reply Quote 1
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 4 / 4
                                            • First post
                                              Last post