Keylogger discovered in audio driver on several HP laptops

Dozens of HP laptop models have been found to contain an audio driver that silently logs users keystrokes, according to Swiss security firm ModZero. There does not appear to be malicious intent behind the keylogger, as one might automatically assume, but there is the potential that it could be used for nefarious purposes.

Injecting a keylogger into an audio driver seems like an odd thing, and that's because it is. However, audio chip manufacturer Conexant apparently went that route on several HP laptop models as means of trying to detect when a hotkey is pressed. Shortcuts exist for tasks such as turning a microphone on and off, and that presents a problem.

"The purpose of the software is to recognize whether a special key has been pressed or released. Instead, however, the developer has introduced a number of diagnostic and debugging features to ensure that all keystrokes are either broadcasted through a debugging interface or written to a log file in a public directory on the hard-drive," ModZero says. "This type of debugging turns the audio driver effectively into a keylogging spyware."

This has been a part of the driver packaged offered by HP since at least December of 2015. On affected systems, key presses get recorded and stored in a plain text log file. This is found by navigating to C:\Users\Public\MicTray.log. This log is overwritten each time the system is logged back into, but for that session, it continually records keystrokes, including any passwords or private communications that might get typed.

"Obviously, it is a negligence of the developers— which makes the software no less harmful. If the developer would just disable all logging, using debug-logs only in the development environment, there wouldn't be problems with the confidentiality of the data of any user," ModZero writes.

ModZero tried informing HP Enterprise (HPE) but says the company refused to take any responsibility for the keylogger. The security firm then contacted HP Inc. and Conexant, neither of which responded to ModZero.

Since nobody from HP or Conexant was willing to own up to and/or correct the issue, ModZero decided to publish the information in accordance with its responsible disclosure process.

If you own an affected laptop model, not only should you delete the aforementioned log file, but you should also rename the executable that causes this to happen. Look for the presence of C:\Windows\System32\MicTray64.exe or C:\Windows\System32\MicTray.exe and rename the file. That will stop the audio driver from recording your keystrokes, at the expense of having access to hotkeys.

Paul Lilly

Paul has been playing PC games and raking his knuckles on computer hardware since the Commodore 64. He does not have any tattoos, but thinks it would be cool to get one that reads LOAD"*",8,1. In his off time, he rides motorcycles and wrestles alligators (only one of those is true).

Latest in Gaming Laptops
The Lenovo Legion LOQ gaming laptop on a blue background
Okay, so it's not technically in the Amazon Big Spring Sale, but this is the cheapest RTX 4070 gaming laptop you'll find today
A promotional image for the Compal Adapt X modular laptop, as presented by the iF Design Foundation
If you've ever wanted to upgrade a laptop with 'modular AI units' then Compal might just have the very thing you're looking for
MSI Raider gaming laptop
Become Dragonforged, achieve dominance
The Dell G16 7630 RTX 4070 gaming laptop on a teal deals background
It might be a bit of a chonk, but this 240 Hz RTX 4070 Dell gaming laptop is a seriously powerful machine for $1,300
The UHPILCL water cooled gaming laptop
This water-cooled gaming laptop packs a full-size desktop RTX 5090 and even fits in a backpack, but I sure wouldn't want it in mine
Lenovo Yoga Solar PC
Lenovo's clever solar-powered laptop can turn 20 minutes of sunlight into an hour of video playback but sun-powered mobile gaming still isn't a goer
Latest in News
An Enshrouded player in a recreation of Erebor from The Lord of the Rings
Kings under the Mountain! 33 Enshrouded players spent 10,000 hours to recreate this iconic location from The Lord of the Rings
A mech awakens.
Mecha Break developer is considering unlocking all mechs following open beta feedback
Lara Croft Unified Art
Tomb Raider developer Crystal Dynamics lays off 17 employees 'to better align our current business needs and the studio's future success'
A long bendy arm stealing money from people in a subway car
'You're a very long arm. You steal things. It's a comedy game,' explains developer of comedy game where you steal things with a very long arm
The heroes are attacked by monsters
Pillars of Eternity is getting turn-based combat to mark its 10th anniversary, and that means PC Gamer editors will soon be arguing about combat mechanics again
Image of Ronaldo from Fatal Fury: City of the Wolves trailer
It doesn't really make sense that soccer star Ronaldo is now a Fatal Fury character, but if you follow the money you can see how it happened