Jun. 23rd, 2017

marahmarie

In a weird twist, it's not HP recording your keystrokes on certain desktops and laptops - technically it's a Conexant audio driver that does the actual keystroke recording (it includes a debugging program that went a little haywire; whether that's by design or error is not yet known). HP has since released a security advisory that claims the driver's keystroke logging is "caused by a local debugging capability that was not disabled prior to product launch".

Because Conexant makes audio drivers for many computer brands, this privacy intrusion may ultimately affect many other computer, laptop and tablet makes and models, as well.

That means check your tablet, laptop or computer for this driver - no matter which make, model, form factor or version of Windows you have.

You can follow these steps to find the Conexant audio driver on your device and to get a new HP driver without the keylogger in it:

  1. Using Cortana or a search tool like Everything, look for C:\Windows\System32\MicTray.exe or C:\Windows\System32\MicTray64.exe (you can right-click, copy and paste these words right from here into either one of those tools).
  2. If either file turns up, right-click the computer taskbar, select Task Manager and look for either MicTray.exe or MicTray64.exe. If either of these turns up, right-click it and select End task.
  3. Go back to the file you found in C:\Windows\System32, right-click it and delete it.
  4. Install the latest HP driver from here. [ed. note: requires FTP to download]
  5. Now search your computer for C:\Users\Public\MicTray.log or check C:\Users\Public\ for the file; if it turns up, open it and check for login names, passwords, banking info, and so on, then change your passwords at the affected websites. 
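Steps 1, 2, 3 and 5 as a PowerShell script, added here as an example and not part of the original post or HP's advisory. The `-Remediate` switch and the variable names are this example's own; step 4 (installing HP's updated driver) is still done by hand.

```powershell
# Added example: audit (and optionally clean up) the MicTray files named in the steps above.
# Run from an elevated PowerShell prompt. -Remediate is this example's own switch name.
param([switch]$Remediate)

# A 32-bit PowerShell on 64-bit Windows is silently redirected away from the real
# System32; the Sysnative alias reaches it. PROCESSOR_ARCHITEW6432 is set only then.
$sysDir = if ($env:PROCESSOR_ARCHITEW6432) { "$env:windir\Sysnative" } else { "$env:windir\System32" }

$exeNames = 'MicTray.exe', 'MicTray64.exe'
$logPath  = 'C:\Users\Public\MicTray.log'
$found    = $false

foreach ($name in $exeNames) {
    $path = Join-Path $sysDir $name
    if (-not (Test-Path -LiteralPath $path)) { continue }
    $found = $true
    $file  = Get-Item -LiteralPath $path -Force
    Write-Output ("FOUND   {0}  version={1}  modified={2}" -f $path, $file.VersionInfo.FileVersion, $file.LastWriteTime)

    # Step 2: a running copy has to be ended before the file can be deleted.
    $procName = [IO.Path]::GetFileNameWithoutExtension($name)
    $procs = @(Get-Process -Name $procName -ErrorAction SilentlyContinue)
    foreach ($p in $procs) { Write-Output ("RUNNING {0} (PID {1})" -f $p.ProcessName, $p.Id) }

    if ($Remediate) {
        $procs | Stop-Process -Force
        Remove-Item -LiteralPath $path -Force    # Step 3
        Write-Output "REMOVED $path"
    }
}

# Step 5: report the log's size and timestamps without printing what it captured.
# Creation time to last write time is a rough indication of the period it covers.
if (Test-Path -LiteralPath $logPath) {
    $found = $true
    $log   = Get-Item -LiteralPath $logPath -Force
    Write-Output ("LOG     {0}  bytes={1}  created={2}  last written={3}" -f $logPath, $log.Length, $log.CreationTime, $log.LastWriteTime)
    Write-Output "Open it, check what was captured, and change any passwords found in it."
}

if (-not $found) { Write-Output "No MicTray executable or log found at the paths checked." }
```

Without `-Remediate` the script only reports; it never deletes or prints the contents of the log.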

Microsoft says in this advisory that "Windows Defender AV detects and removes this threat" but also warns "[d]oing so also disables the keyboard short cut that turns the microphone on and off."

For the affected desktops and notebooks/laptops HP has made the public aware of, scroll to the titles Commercial Desktops, Consumer Notebooks and Commercial Notebooks in the same security advisory linked above; those sections list affected models not found in the lists below.

More affected notebook/laptop models the public has been made aware of [list]:

* HARDWARE PRODUCT MODEL(S):
HP EliteBook 820 G3 Notebook PC
HP EliteBook 828 G3 Notebook PC
HP EliteBook 840 G3 Notebook PC
HP EliteBook 848 G3 Notebook PC
HP EliteBook 850 G3 Notebook PC
HP ProBook 640 G2 Notebook PC
HP ProBook 650 G2 Notebook PC
HP ProBook 645 G2 Notebook PC
HP ProBook 655 G2 Notebook PC
HP ProBook 450 G3 Notebook PC
HP ProBook 430 G3 Notebook PC
HP ProBook 440 G3 Notebook PC
HP ProBook 446 G3 Notebook PC
HP ProBook 470 G3 Notebook PC
HP ProBook 455 G3 Notebook PC
HP EliteBook 725 G3 Notebook PC
HP EliteBook 745 G3 Notebook PC
HP EliteBook 755 G3 Notebook PC
HP EliteBook 1030 G1 Notebook PC
HP ZBook 15u G3 Mobile Workstation
HP Elite x2 1012 G1 Tablet
HP Elite x2 1012 G1 with Travel Keyboard
HP Elite x2 1012 G1 Advanced Keyboard
HP EliteBook Folio 1040 G3 Notebook PC
HP ZBook 17 G3 Mobile Workstation
HP ZBook 15 G3 Mobile Workstation
HP ZBook Studio G3 Mobile Workstation
HP EliteBook Folio G1 Notebook PC

Affected operating systems the public has been made aware of [list]:

* OPERATING SYSTEM(S):
Microsoft Windows 10 32
Microsoft Windows 10 64
Microsoft Windows 10 IOT Enterprise 32-Bit (x86)
Microsoft Windows 10 IOT Enterprise 64-Bit (x86)
Microsoft Windows 7 Enterprise 32 Edition
Microsoft Windows 7 Enterprise 64 Edition
Microsoft Windows 7 Home Basic 32 Edition
Microsoft Windows 7 Home Basic 64 Edition
Microsoft Windows 7 Home Premium 32 Edition
Microsoft Windows 7 Home Premium 64 Edition
Microsoft Windows 7 Professional 32 Edition
Microsoft Windows 7 Professional 64 Edition
Microsoft Windows 7 Starter 32 Edition
Microsoft Windows 7 Ultimate 32 Edition
Microsoft Windows 7 Ultimate 64 Edition
Microsoft Windows Embedded Standard 7 32
Microsoft Windows Embedded Standard 7E 32-Bit

I'm pretty sure merely having one of the operating systems listed above - by itself - isn't enough to predict "MicTray.exe" or "MicTray64.exe" will be found on your computer, but any make, model or type of computer - such as your tablet, laptop or computer tower - could have it, so it still doesn't hurt to check.


*ETA, 6-29-17: hat-tip to darkoshi for pointing out HP's security advisory lists laptops affected by this keylogger not found in the lists I posted; while I was noticing that, I realized there's a list of affected HP desktops, as well. Article and post title have been updated accordingly.