HP has issued an update to remove a keylogging mechanism found in the audio drivers included with some of its high-end laptops.
HP Vice President Mike Nash told Axios — a tech news site — that his company had released an update to the maligned audio drivers last night.
The updates will reach users via Windows Update, with updates for 2016 laptop models going live last night, and updates for 2015 laptop models going live today.
If users can't wait, or they want to review the update package, the file is here, and an HP driver update summary is here.
Keylogger found on HP laptops sold since late 2015
The HP keylogger scandal came to light yesterday after Swiss cyber-security firm modezero discovered that the Conexant HD Audio Driver Package preinstalled on 28 HP laptop models came with a file called MicTray64.exe that logged all the user's keystrokes to a local file.
This log file was never sent to HP or Conexant, but its mere presence on users' computers was an issue, as malware or any other person could copy the file and extract passwords or online chats from that file.
That particular audio driver was only installed on 28 laptop models that HP had been selling since late 2015.
HP: Keylogger feature was just debugging code
Nash says the keylogger feature was only debugging code that was mistakenly left inside the driver package by the Conexant team.
The HP update not only removes the driver's keylogger capabilities, but also the log file where these keystrokes were saved. Users that have backups should take great care not to restore an older version of this log file, normally stored at "C:\Users\Public\MicTray.log".
Yesterday, when modzero published its report, some experts said that other vendors that also used that particular audio driver made by Conexant were also affected. At the time of writing, hardware and security experts weren't able to discover a similar feature in Conexant drivers installed on the laptops of other manufacturers.
Break down IAM silos like Bitpanda, KnowBe4, and PathAI
Broken IAM isn't just an IT problem - the impact ripples across your whole business.
This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what "good" IAM looks like, and a simple checklist for building a scalable strategy.
Comments
scogard - 8 years ago
Hi, I don't believe you are referencing the correct update. You have the update as sp79420, which is actually from March and is driver version 10.0.931.89. The correct update to address the keylogging issue is version 10.0.931.90 and is available as update sp80264, release date May 11th, available here: http://ftp.hp.com/pub/softpaq/sp80001-80500/sp80264.exe The details are here: http://ftp.hp.com/pub/softpaq/sp80001-80500/sp80264.html Thanks!
campuscodi - 8 years ago
Yes. You are right. The link I received via email was incorrect.
unknown0987 - 8 years ago
It looks like HP superseded 80264 with 80323 on 5/14:
ftp://ftp.hp.com/pub/softpaq/sp80001-80500/sp80323.html
ftp://ftp.hp.com/pub/softpaq/sp80001-80500/sp80323.exe
The executable for 80264 is no longer available.
geraldgeraldson - 8 years ago
Did HP actually say ___what___ is corrected, explicitly?
geraldgeraldson - 8 years ago
Also, there is an incredible amount of tech-site3 says tech-site1 said tech-site2 talked to guy1 at HP who said such-n-such ... has HP itself posted anything other than the patch and no detail?
KashRex - 8 years ago
Do I need this update for HP Pavilion Notebook - 15-ab101na ?
TheDcoder - 8 years ago
You can find the list of affected laptops in this article: https://www.bleepingcomputer.com/news/security/keylogger-found-in-audio-driver-of-hp-laptops/