HP Laptops Found with Keylogger Built Into Audio Driver
-
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
@anthonyh said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
I'm surprised that every vendor isn't being checked, it could be everywhere, in theory.
Agreed. I can't imagine this is limited to only HP. They aren't the only ones using Conexant for audio.
Right so.... who else is affected?
It might be limited to that set. I have stopped the mictray.exe service, deleted the log file referenced, and restarted it. The log file is still empty.
-
@Kelly said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
@anthonyh said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
I'm surprised that every vendor isn't being checked, it could be everywhere, in theory.
Agreed. I can't imagine this is limited to only HP. They aren't the only ones using Conexant for audio.
Right so.... who else is affected?
It might be limited to that set. I have stopped the mictray.exe service, deleted the log file referenced, and restarted it. The log file is still empty.
Did it re-create the log file? Even if nothing is in it, that doesn't inspire confidence in the patch!
-
@travisdh1 said in HP Laptops Found with Keylogger Built Into Audio Driver:
@Kelly said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
@anthonyh said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scottalanmiller said in HP Laptops Found with Keylogger Built Into Audio Driver:
I'm surprised that every vendor isn't being checked, it could be everywhere, in theory.
Agreed. I can't imagine this is limited to only HP. They aren't the only ones using Conexant for audio.
Right so.... who else is affected?
It might be limited to that set. I have stopped the mictray.exe service, deleted the log file referenced, and restarted it. The log file is still empty.
Did it re-create the log file? Even if nothing is in it, that doesn't inspire confidence in the patch!
A blank log file today could be used to reduce suspicion of a full one tomorrow.
-
The prior log file was blank with an edit date of 1/16/17.
-
So looks like HP released a patch for this https://www.bleepingcomputer.com/news/hardware/hp-releases-driver-update-to-remove-accidental-keylogger/
So most vendors have something on their machine, previously Lenovo, now HP. Getting any machines from a vendor, first thing should be wipe it and install a pre tested, custom build, hope that solves all such issues and guess most companies are already doing it
-
@Ambarishrh said in HP Laptops Found with Keylogger Built Into Audio Driver:
So looks like HP released a patch for this https://www.bleepingcomputer.com/news/hardware/hp-releases-driver-update-to-remove-accidental-keylogger/
So most vendors have something on their machine, previously Lenovo, now HP. Getting any machines from a vendor, first thing should be wipe it and install a pre tested, custom build, hope that solves all such issues and guess most companies are already doing it
Does not with Lenovo. HP yes in this case. Only works if the issue is software that only comes preloaded.
-
@Ambarishrh said in HP Laptops Found with Keylogger Built Into Audio Driver:
So looks like HP released a patch for this https://www.bleepingcomputer.com/news/hardware/hp-releases-driver-update-to-remove-accidental-keylogger/
So most vendors have something on their machine, previously Lenovo, now HP. Getting any machines from a vendor, first thing should be wipe it and install a pre tested, custom build, hope that solves all such issues and guess most companies are already doing it
The problem is that they've taken to adding the stuff you don't want into system drivers. Issue a travelling worker a laptop without sound working? Good luck with that!
-
@travisdh1 said in HP Laptops Found with Keylogger Built Into Audio Driver:
@Ambarishrh said in HP Laptops Found with Keylogger Built Into Audio Driver:
So looks like HP released a patch for this https://www.bleepingcomputer.com/news/hardware/hp-releases-driver-update-to-remove-accidental-keylogger/
So most vendors have something on their machine, previously Lenovo, now HP. Getting any machines from a vendor, first thing should be wipe it and install a pre tested, custom build, hope that solves all such issues and guess most companies are already doing it
The problem is that they've taken to adding the stuff you don't want into system drivers. Issue a travelling worker a laptop without sound working? Good luck with that!
Or into the BIOS!
-
Log file is still empty, and still has an edit date of 5/12 when I restarted the service.
-
@Kelly said in HP Laptops Found with Keylogger Built Into Audio Driver:
Log file is still empty, and still has an edit date of 5/12 when I restarted the service.
What happens if you stop the service? Does it update the file to be the right size and show all your passwords?
-
How do these product meetings go? And how does someone learn programming without understanding the vulnerabilities in this?
Lead: "So we need to basically monitor all keystrokes. Would be a good idea to store them all in a plain text file too, just in case. All management and CEO think this is a great idea."
Programmer: "Seems legit. There's probably a Windows API hook for this.....[runs back to desk]"
-
@guyinpv that's probably not too far from the truth.
-
@DustinB3403 said in HP Laptops Found with Keylogger Built Into Audio Driver:
@guyinpv that's probably not too far from the truth.
Yep. As I continue through my IT career, I learn more and more every day that the folks who seem like true industry "experts" rarely do it any better than anyone else.
-
@anthonyh Really even an expert screws up every once in a while.
-
Certainly there is a conversation in tech about ethics.
If I'm a programmer, I probably have certain ideas about what makes good or bad software or what is good or bad practice.
But really, what can they do? It's like a military-esque "sir yes sir" and just follow orders to program stuff. Why? Because you like money. And having a job is better than having no job. And some people think it's better to ask forgiveness than permission. And when questioned later the response is "I was just doing what I was told".
If I've landed a coveted job at a big corp with all the benefits and latest toys and clearing 6 figures and my whole lifestyle hangs on "build a little keylogger", it's kind of a hard choice.
-
@guyinpv said in HP Laptops Found with Keylogger Built Into Audio Driver:
Certainly there is a conversation in tech about ethics.
If I'm a programmer, I probably have certain ideas about what makes good or bad software or what is good or bad practice.
But really, what can they do? It's like a military-esque "sir yes sir" and just follow orders to program stuff. Why? Because you like money. And having a job is better than having no job. And some people think it's better to ask forgiveness than permission. And when questioned later the response is "I was just doing what I was told".
If I've landed a coveted job at a big corp with all the benefits and latest toys and clearing 6 figures and my whole lifestyle hangs on "build a little keylogger", it's kind of a hard choice.
Programmers working on this kind of stuff are likely working the tech equivalent of a sweat shop.
-
@anthonyh said in HP Laptops Found with Keylogger Built Into Audio Driver:
@DustinB3403 said in HP Laptops Found with Keylogger Built Into Audio Driver:
@guyinpv that's probably not too far from the truth.
Yep. As I continue through my IT career, I learn more and more every day that the folks who seem like true industry "experts" rarely do it any better than anyone else.
I think that the bigger question is... who looked like an industry expert here?
-
@dafyre said in HP Laptops Found with Keylogger Built Into Audio Driver:
@Kelly said in HP Laptops Found with Keylogger Built Into Audio Driver:
Log file is still empty, and still has an edit date of 5/12 when I restarted the service.
What happens if you stop the service? Does it update the file to be the right size and show all your passwords?
Stopped the process. Opened the file, still blank. Restarted the process. Opened the file, still blank. Edit date still 5/12/17.
-
@scottalanmiller Conexant, HP could argue both are industry experts. Conexant sells millions of copies of their hw/sw combo for OEMs every year. Have done for years.
HP has been around for 60+ years selling hw/sw as an OEM.
-
@momurda said in HP Laptops Found with Keylogger Built Into Audio Driver:
@scottalanmiller Conexant, HP could argue both are industry experts. Conexant sells millions of copies of their hw/sw combo for OEMs every year. Have done for years.
HP has been around for 60+ years selling hw/sw as an OEM.
Vendors are not really experts or not experts, though. They are just vendors. One could argue that Harvard turns out experts, but if we ask a janitor there about heart transplants, we might not get expert level advice.
In this case, HP might be an expert of something, but of what specifically relating to this case? Experts at including what their upstream tells them to include? I'm not saying that HP should not have done more diligence here, but default bloatware installs isn't how systems are intended to be used, that's the "test" install. So it's easy to see that HP would not apply experts that they have to that scenario and we should not see what has been provided by them as a form of advice, certainly not expert style advice. HP's own capacity as an expert is not in question, but whether a situation in which we can perceive them as one is.
Conexant is a hardware manufacturer for audio components. Presumably they have some expertise around hardware design. Driver design for security there is little reason to expect that to exist. Oh it might exist, nothing stopping it. But simply assuming that because someone makes a piece of consumer audio hardware that they are then staffed with good driver writers and good driver writers that are conscious of security concerns and ones that are not being paid off somewhere to look the other way doesn't make sense. Conexant is not the only maker of those drivers, either. So the drivers are not intimately tied to the hardware.
These companies both possess, we assume, expertise in certain spaces. Not doubting that. But I don't think that there is any reason to perceive that the supply chain that brings us consumer bloatware packaged audio drivers would reflect expertise around the areas being assumed here.
It is extremely likely that Conexant's driver team is one or two guys in a third world country with essentially no training and very little oversight. Testing probably comes down to "it works". It would be very surprising if there was a large team of people involved in any way. And the positions are probably very transient. Tribal knowledge likely does not get passed down generation to generation.