HP issues urgent security update
Posted: May 19, 2017
Dozens of laptop models sold by HP contain built-in "keylogging" technology that stores everything users type, researchers have warned.
The records of what users type on the keyboard were stored in plain text on the computers, meaning anyone with access to them could read messages, passwords, web searches and credit card numbers if they knew where to look.
HP issued a fix for some of the affected models on Thursday night and promised another for the rest of the devices would be released today.
The bug affects 28 HP laptops sold in 2015 and 2016, including EliteBook, ProBook and ZBook models.
HP did not install the keylogging software deliberately, the researchers said, but it was included as part of a driver for Conexant, whose audio chips are included in the laptops.
The driver monitored keystrokes to look out for users pressing audio control keys to pause or change volume but monitored and stored the entire keyboard activity. Modzero, the security company that discovered the flaw, said it could also feature on other laptop brands.
Keyloggers are seen as one of the most malicious forms of computer viruses, capable of tracking everything user types and sending them to hackers remotely. Although there is no suggestion that the HP bug shared any of the data, if a computer was shared or someone got hold of it, a wealth of personal information would be at their disposal.
The file where users’ keystrokes are stored on the laptops is overwritten every time computer reboots, but computer forensics experts are able to recover deleted files.
"There is no evidence that this keylogger has been intentionally implemented. Obviously, it is a negligence of the developers — which makes the software no less harmful," Modzero’s researchers wrote.
It said it had revealed the flaw to HP and Conexant, but that neither had responded to contact requests.
"HP is committed to the security and privacy of its customers and we are aware of the keylogger issue on select HP PCs," a spokesman said.
"HP has no access to customer data as a result of this issue. Our supplier partner developed software to test audio functionality prior to product launch and it should not have been included in the final shipped version. Fixes will be available shortly via HP.com."How to tell if you’re affected and what to do
Modzero says the following types of laptop featured the keylogger:
- HP EliteBook G3 Notebook PC, models 820, 828, 840, 848, 850
- HP ProBook G2 Notebook PC, models 640, 645, 650, 655
- HP ProBook G3 Notebook PC, models 430, 440, 446, 450, 455, 470
- HP EliteBook G3 Notebook PC models 725, 745, 755
- HP EliteBook G1 Notebook PC model 1030
- HP ZBook 15u G3 Mobile Workstation
- HP Elite x2 1012 G1 Tablet, with and without Travel Keyboard
- HP Elite x2 1012 G1 Advanced Keyboard
- HP EliteBook Folio 1040 G3 Notebook PC
- HP ZBook G3 Mobile Workstation HP, models 15, 17, Studio
- HP EliteBook Folio G1 Notebook PC
The files can be checked by searching Window for C:\Windows\System32\MicTray.exe or C:\Windows\System32\MicTray64.exe, depending on what version of Windows you are running.
They can be deleted, although Conexant said this would stop special keys for audio control to stop working.
HP has issued a software update for models sold in 2016 through Windows Update, and said one for 2015 laptops would come on Friday. It can be found by opening the Start menu, going to Settings, then Update & Security, and Windows Update.