Can't really blame HP. It's Conexant fault.
HP Inc ships laptops with sinister key-logger
HP Inc ships a creepy key-logger on its laptops, according to security researchers. A Conexant audio driver for headphones, which is installed on the computers, records the user's keystrokes to a file on disk, we're told. This file – C:\Users\Public\MicTray.log – can be read by any malware running on or anyone logged into the …
COMMENTS
-
-
Thursday 11th May 2017 19:59 GMT redpawn
Not responsible for anything
Just put stuff in a box and sell it. Bad drivers, not our fault. Windows, definitely not our fault. Security, you're on your own but we'll give you a demo of MacAfee or Norton. Key logging is a feature, you might find out what your spouse is up to.
You can vet your own stuff to make sure it is fit for purpose. That being said it might pay to type in a random string or sentence and search within documents for what you have just typed. Won't catch encrypted files of course. You're on your own. Good luck!
-
Thursday 11th May 2017 20:51 GMT asdf
Re: Not responsible for anything
>Just put stuff in a box and sell it. Bad drivers, not our fault. Windows, definitely not our fault. Security, you're on your own but we'll give you a demo of MacAfee or Norton. Key logging is a feature, you might find out what your spouse is up to.
And they wonder why Apple is able to charge the premium it does for often inferior hardware. Has as much to do with PC makers incompetence as it does Apple selling the dream.
-
-
Thursday 11th May 2017 22:46 GMT Captain DaFt
"Can't really blame HP. It's Conexant fault."
*massive eye roll* So I suppose this happened, then?
HP: Honest Guv, he's telling the truth! We wanted to be honest, really we did! But they approached us in a dark alley and said:
"Nice computers ya got there. Oh Look! there's a big box of cash just sitting there with some software!"
"I'll bet if that software ends up in your computers, no one will ever come looking for that box of cash, cappish?"
*Wails* What were we supposed to do? It was Free Money!!
-
-
This post has been deleted by its author
-
Friday 12th May 2017 10:39 GMT Cuddles
Re: Hmmmmm....
"So it is a type of unencrypted telemetry then?"
No. The "tele" part refers to things happening over a distance, while this is simply writing to a local log file - plain old metry with no tele involved. As the article notes, the tele part could only happen in combination with some other malware.
-
-
-
-
Saturday 13th May 2017 10:09 GMT John Smith 19
"I can think of ZERO reasons why a headphone driver needs to log keystrokes."
My point exactly.
"To pick up activating hotkeys" is the usual explanation but doesn't Windows have a separate way to "register" an app to recognize only those keystrokes as a shared resource in the keyboard driver?
If it doesn't (and after 30 years you'd expect there's a function for damm near everything in there somewhere) WTF is it now writing every key to a file?
There is one use for this. If logs every keystroke your hard drive will fill up with lots of hidden crap files, causing you to replace your laptop earlier.
That would be a grossly cynical piece of behavior on the part of HP of course.
-
-
Friday 12th May 2017 02:09 GMT theblackhand
Re: WTF is this thing and why does it do what it does?
Reading modzeros advisory:
The program monitors all keystrokes made by the user to
capture and react to functions such as microphone mute/unmute
keys/hotkeys. Monitoring of keystrokes is added by implementing a low-
level keyboard input hook [1] function that is installed by calling
SetwindowsHookEx().
The rest just sounds like layers of fail - maybe the old HP laptop I had wasn't too slow, the drivers were just so badly implemented it never had a chance finish starting up....
-
-
-
Thursday 11th May 2017 23:44 GMT Nick Kew
Re: Shitty Laptops Anyway...
I'm typing this on a HP laptop (running Linux, so without this particular keylogger). The battery, screen and audio are crap compared to an Apple costing five or six times as much, but otherwise it's great. I've had several macbooks, and none has reached the age of this cheapo HP without some serious hardware failure.
-
Friday 12th May 2017 06:59 GMT Snorlax
Re: Shitty Laptops Anyway...
@Nick Kew: False equivalence much? Having a single trait in common doesn't make two things comparable. That's like saying my old Honda is nearly as good as a Ferrari because they've both got four wheels.
The reason a MacBook costs more money is because it's got a good battery, screen, keyboard and audio.
-
-
-
Friday 12th May 2017 01:27 GMT Glenn 6
Don't use manufacturer's install
I never deploy a laptop with the factory OS, because I don't want all the crap, advertising, and possible spyware that they all ship with.
Windows 10 is registered to the hardware. Download from MS and keep around a raw, clean Win10 USB key, blow away factory install and install that.
-