HP laptops come with keylogger in the audio driver


#1

Originally published at: http://www.myce.com/news/hp-laptops-come-keylogger-audio-driver-81974/

A potential keylogger has been found by security researchers in many Hewlett Packard laptops. The Swiss security firm modzero found the vulnerability in April and have released details to the public today. The keylogger was found within the pre-installed Conexant HD Audio Driver Package version 1.0.0.46 and earlier. Within that package, there is one file…


#2

Why would there be a need for this file to log keystrokes just to know when a hotkey is used? Sounds like some sort of NSA/CIA backdoor they built into the software.


#3

From what I’ve read, its more likely incompetence than malice. HP has issued a fix for their customers.

One thing I didn’t mention was the fact that the file was overwritten every time the computer was rebooted. So accumulated data would only occur if you made periodic backups somewhere, or if you rarely shut down the laptop.


#4

If the file is overwritten on reboot then I feel like I can loosen my tin foil hat a little.


#5

I’m going to take a guess and say that one could make a Scheduled Task to delete the file (IDK if the file is locked). This task should be auto-executed frequently.

Of course, preventing the file from being executed (or better yet, deleting the file) would ultimately be the best solution.