HP is selling laptops that could be in the business of logging every keystroke used on them. This problem doesn’t come from HP, but rather a device driver from Conexant that comes pre-installed on the affected laptops.
Modzero, a Swiss security firm, warned that the problem comes from the MicTray64.exe file. The driver collects keystroke data in order to react when the user press selected function keys. What it also does is save all this data in text format to a log file. Which means that it can be read by just about any word processing software.
The danger here is that anyone who gains access to the log file will then be able to view just about everything typed on the computer since the most recent boot. This includes passwords and credit card information.
Thus far, neither HP nor Conexant have commented on the issue; which is what lead Modzero to issue the advisory.
At the moment, the problem affects the HP EliteBook, HP ProBook, HP ZBook, and HP Elite families. Users can check if they are affected by performing a search for MicTray.exe or MicTray64.exe. It should also be noted that it’s in driver version 220.127.116.11 and later where the problem is the most prominent. But that only seems to be because the earlier drivers are less obvious about logging keys.
It doesn’t look like there is any malicious intent behind device driver. Instead, it looks like a poorly designed debugging system. Still, HP users should look into preventing the driver from loading now that this is now becoming common knowledge. It won’t take long for actual cybercriminals to begin taking advantage of the situation.
[Source: Ars Technica]