{"id":2851,"date":"2017-05-11T15:37:31","date_gmt":"2017-05-11T13:37:31","guid":{"rendered":"http:\/\/borncity.com\/win\/?p=2851"},"modified":"2023-05-12T06:34:00","modified_gmt":"2023-05-12T04:34:00","slug":"hp-notebooks-keylogger-in-conexants-audio-driver","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2017\/05\/11\/hp-notebooks-keylogger-in-conexants-audio-driver\/","title":{"rendered":"HP Notebooks: Keylogger in Conexant&rsquo;s audio driver"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"http:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Stop.jpg\" align=\"left\">[<a href=\"http:\/\/www.borncity.com\/blog\/2017\/05\/11\/stop-keylogger-in-conexants-audiotreiber-auf-hp-notebooks\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]It's a nasty surprise that Thorsten Schr\u00f6der, of Swiss firm <a href=\"https:\/\/web.archive.org\/web\/20180824162630\/https:\/\/www.modzero.ch\/en\/about.html\" target=\"_blank\" rel=\"noopener noreferrer\">modzero AG<\/a>, discovered in Conexant's audio drivers shipped with some HP notebooks. The driver logs all keystrokes and writes them into a public log file \u2013 a security nightmare. <\/p>\n<p>A key logger is software that logs all keystrokes on a keyboard \u2013 passwords may be logged as well. Finding such a key logger within an audio driver isn't something you would expect. <\/p>\n<h3>A bad surprise during device security check<\/h3>\n<p>Security expert <a href=\"https:\/\/web.archive.org\/web\/20180824162630\/https:\/\/www.modzero.ch\/en\/about.html\" target=\"_blank\" rel=\"noopener noreferrer\">Thorsten Schr\u00f6der<\/a> was hired to check the security of HP notebooks for a customer. 
Analysis of the audio driver showed that this package logs all keyboard input into a file. The audio driver was developed and digitally signed by audio chip manufacturer Conexant. Schr\u00f6der has documented the issue in <a href=\"https:\/\/www.modzero.ch\/modlog\/index.html\" target=\"_blank\" rel=\"noopener noreferrer\">this modzero.ch post<\/a>. Schr\u00f6der wrote: <\/p>\n<blockquote>\n<p>Security reviews of modern Windows Active Domain infrastructures are \u2013 from our point of view \u2013 quite sobering. Therefore, we often look left and right, when, for example, examining the hardening of protection mechanisms of a workstation. Here, we often find all sorts of dangerous and ill-conceived stuff. We want to present one of these casually identified cases now, as it's quite an interesting one: We have discovered a keylogger in an audio driver package by Hewlett-Packard.<\/p>\n<\/blockquote>\n<p>And he asks: <\/p>\n<blockquote>\n<p>So what's the point of a keylogger in an audio driver? Does HP deliver pre-installed spyware? Is HP itself a victim of a backdoored software that third-party vendors have developed on behalf of HP? The responsibility in this case is uncertain, because the software is offered by HP as a driver package for their own devices on their website. On the other hand, the software was developed and digitally signed by the audio chip manufacturer Conexant.<\/p>\n<\/blockquote>\n<p>In some cases, audio drivers are used to detect a keystroke combination to activate or deactivate a microphone. <\/p>\n<h3>A full-blown key logger<\/h3>\n<p>Schr\u00f6der found that the developers had added a full-featured key logger to the audio driver. In version 1.0.0.46, the driver logs all keystrokes into the public file:<\/p>\n<p><em>C:\\Users\\Public\\MicTray.log<\/em><\/p>\n<p>It seems that the driver has had this 'feature' since December 2015. 
The driver is shipped with the following file names:<\/p>\n<p><em>C:\\Windows\\System32\\MicTray64.exe <\/em><\/p>\n<p>or <\/p>\n<p><em>C:\\Windows\\System32\\MicTray.exe<\/em> <\/p>\n<p>depending on the Windows architecture. <\/p>\n<h3>No spyware \u2013 no responsibility<\/h3>\n<p>Schr\u00f6der writes that he found no signs that this is an intentional backdoor or key logger. Neither HP nor Conexant is claiming responsibility for this feature. Therefore Schr\u00f6der published a <a href=\"https:\/\/borncity.com\/win\/2017\/05\/11\/hp-notebooks-keylogger-in-conexants-audio-driver\/Security-Advisory\" target=\"_blank\" rel=\"noopener noreferrer\">Security-Advisory<\/a>. (via 4chan.org, via heise.de). <\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]It's a nasty surprise that Thorsten Schr\u00f6der, of Swiss firm modzero AG, discovered in Conexant's audio drivers shipped with some HP notebooks. The driver logs all keystrokes and writes them into a public log file \u2013 a security night &hellip; <a href=\"https:\/\/borncity.com\/win\/2017\/05\/11\/hp-notebooks-keylogger-in-conexants-audio-driver\/\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[448,580,2],"tags":[831,830,414,829,69,194],"class_list":["post-2851","post","type-post","status-publish","format-standard","hentry","category-devices","category-security","category-windows","tag-audio-driver","tag-conexant","tag-hp","tag-key-logger","tag-security","tag-windows"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/2851","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=2851"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/2851\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=2851"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=2851"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=2851"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}