back to article HP Inc ships laptops with sinister key-logger

HP Inc ships a creepy key-logger on its laptops, according to security researchers. A Conexant audio driver for headphones, which is installed on the computers, records the user's keystrokes to a file on disk, we're told. This file – C:\Users\Public\MicTray.log – can be read by any malware running on or anyone logged into the …

  1. Gis Bun

    Can't really blame HP. It's Conexant fault.

    1. redpawn Silver badge

      Not responsible for anything

      Just put stuff in a box and sell it. Bad drivers, not our fault. Windows, definitely not our fault. Security, you're on your own but we'll give you a demo of MacAfee or Norton. Key logging is a feature, you might find out what your spouse is up to.

      You can vet your own stuff to make sure it is fit for purpose. That being said it might pay to type in a random string or sentence and search within documents for what you have just typed. Won't catch encrypted files of course. You're on your own. Good luck!

      1. asdf Silver badge

        Re: Not responsible for anything

        >Just put stuff in a box and sell it. Bad drivers, not our fault. Windows, definitely not our fault. Security, you're on your own but we'll give you a demo of MacAfee or Norton. Key logging is a feature, you might find out what your spouse is up to.

        And they wonder why Apple is able to charge the premium it does for often inferior hardware. Has as much to do with PC makers incompetence as it does Apple selling the dream.

    2. Captain DaFt

      "Can't really blame HP. It's Conexant fault."

      *massive eye roll* So I suppose this happened, then?

      HP: Honest Guv, he's telling the truth! We wanted to be honest, really we did! But they approached us in a dark alley and said:

      "Nice computers ya got there. Oh Look! there's a big box of cash just sitting there with some software!"

      "I'll bet if that software ends up in your computers, no one will ever come looking for that box of cash, cappish?"

      *Wails* What were we supposed to do? It was Free Money!!

    3. Snorlax Silver badge

      I thought CXT were long gone. Every laptop I've owned in the last five or six years has had Realtek audio...

  2. This post has been deleted by its author

    1. Cuddles Silver badge

      Re: Hmmmmm....

      "So it is a type of unencrypted telemetry then?"

      No. The "tele" part refers to things happening over a distance, while this is simply writing to a local log file - plain old metry with no tele involved. As the article notes, the tele part could only happen in combination with some other malware.

      1. CrazyOldCatMan Silver badge

        Re: Hmmmmm....

        the tele part could only happen in combination with some other malware.

        Speaking of malware, I'm assuming that that file won't get hoovered up by Windows 10 and uploaded to the Borg Mothership..

  3. VinceH Silver badge
    Facepalm

    Optional

    Icon

    says

    it

    all

  4. John Smith 19 Gold badge
    Unhappy

    WTF is this thing and why does it do what it does?

    Which is what I think people would like to know.

    1. Tom 64
      Coffee/keyboard

      Re: WTF is this thing and why does it do what it does?

      Indeed, I can think of ZERO reasons why a headphone driver needs to log keystrokes. Even for 'debugging' purposes, this makes no sense.

      1. John Smith 19 Gold badge
        Unhappy

        "I can think of ZERO reasons why a headphone driver needs to log keystrokes."

        My point exactly.

        "To pick up activating hotkeys" is the usual explanation but doesn't Windows have a separate way to "register" an app to recognize only those keystrokes as a shared resource in the keyboard driver?

        If it doesn't (and after 30 years you'd expect there's a function for damm near everything in there somewhere) WTF is it now writing every key to a file?

        There is one use for this. If logs every keystroke your hard drive will fill up with lots of hidden crap files, causing you to replace your laptop earlier.

        That would be a grossly cynical piece of behavior on the part of HP of course.

    2. theblackhand

      Re: WTF is this thing and why does it do what it does?

      Reading modzeros advisory:

      The program monitors all keystrokes made by the user to

      capture and react to functions such as microphone mute/unmute

      keys/hotkeys. Monitoring of keystrokes is added by implementing a low-

      level keyboard input hook [1] function that is installed by calling

      SetwindowsHookEx().

      The rest just sounds like layers of fail - maybe the old HP laptop I had wasn't too slow, the drivers were just so badly implemented it never had a chance finish starting up....

  5. Snorlax Silver badge

    Shitty Laptops Anyway...

    I'm surprised people still buy HP laptops.

    On the bright side this keylogger issue isn't remotely as bad as Intel and their AMT bug.

    1. Nick Kew Silver badge

      Re: Shitty Laptops Anyway...

      I'm typing this on a HP laptop (running Linux, so without this particular keylogger). The battery, screen and audio are crap compared to an Apple costing five or six times as much, but otherwise it's great. I've had several macbooks, and none has reached the age of this cheapo HP without some serious hardware failure.

      1. Snorlax Silver badge

        Re: Shitty Laptops Anyway...

        @Nick Kew: False equivalence much? Having a single trait in common doesn't make two things comparable. That's like saying my old Honda is nearly as good as a Ferrari because they've both got four wheels.

        The reason a MacBook costs more money is because it's got a good battery, screen, keyboard and audio.

      2. Anonymous Coward
        Anonymous Coward

        Re: Shitty Laptops Anyway...

        I'm typing this on a HP laptop ...

        I stopped reading after that because my eyes had filled with tears of commiseration.

    2. herman Silver badge

      Re: Shitty Laptops Anyway...

      The key logger makes a perfect addition to the AMT and Defender bugs. Very handy indeed. It is great to know whether I need to buy or sell my MSFT stock. I'm typing this on Satya's computer of course.

  6. Glenn 6

    Don't use manufacturer's install

    I never deploy a laptop with the factory OS, because I don't want all the crap, advertising, and possible spyware that they all ship with.

    Windows 10 is registered to the hardware. Download from MS and keep around a raw, clean Win10 USB key, blow away factory install and install that.

  7. Anonymous Coward
    Anonymous Coward

    modzero - Contacted Hewlett-Packard Enterprise...

    But can we trust modzero when they don't even seem to know what company's laptops have a problem.

    1. Yet Another Anonymous coward Silver badge

      Re: modzero - Contacted Hewlett-Packard Enterprise...

      They just googled "HP spying scandal" and got the wrong division

  8. This post has been deleted by a moderator

    1. Anonymous Coward
      Anonymous Coward

      Re: HP IS LIKE CLINTON

      I think you may have forgotten your meds there... Or is that you, amanfrommars?

    2. herman Silver badge

      Re: HP IS LIKE CLINTON

      Dude, please don't leave your mom's basement.

  9. Sparrowhawks

    Free Keylogger

    HP and it's cohorts have just handed a free keylogger to anyone in possession of one of these affected devices. It wouldn't require much know how to copy, modify and install elsewhere.. Oh dear!

  10. Anonymous Coward
    Anonymous Coward

    Friends don't let friends buy HP laptops...

    Keylogger would only record the warranty claim and refund requests, then silence mid-sentence.

    Strangely, HP desktops are fine.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019