Security assistants at Modzero found out that software that comes within some HP laptops save a copy of everything typed by the user in a plain text file. Though it is not made to spy on the user or to send their data to anyone, but it still risks the data to be exposed. This is an avoidable flaw.
HP has not responded to the flaw as yet however user can easily disable it. Disabling might make some features not work properly.
An update released by HP says that have fixed the 2016 model HP laptops through Windows update and an update for 2015 hp laptops would be out soon. The key logger was to remove some error codes and this was not supposed to be a part of shipped version of the software.
Here is how it works, many laptops have media keys that allow the user to play or pause music and videos with a certain key or combination of keys. Few HP laptops have an application, MicTray, which monitors the keystrokes precisely to assist that function.
The flaw is that , it not only observes the number of times a user presses a key but also keeps the track of every typed data like usernames, passwords, credit card numbers and other confidential data.
Everything is saved in a plain text file called MicTray.log. Laptop Magazine records that the file does not display a copy of every word typed instead comprises of a list of keystrokes that say like Mic target 0x1 scancode 0x1e flags 0x0 extra 0x0 vk 0x41 (which means letter “a” is typed)
Data is not translated or encoded but anyone who knows how to read it can access your confidential data.
The file gets erased upon restarting or when logged in with a new username. But if the user keep the system on sleep more often than the file might include a lot of private data. Modzero writes a blog post about it saying that if anyone is using online backup solutions, then the plain text file could be sent to a distant server through internet. It is unclear if it was HP or Conexant, the audio driver developers, decided to log every keystroke nevertheless complicating the data somehow.
But Modzero notes that affected PC could be checked if you notice a file at C:\Users|Public\MicTray.log. And you can disable the feature by deleting or renaming either C:\Windows\System32\MicTray64.exe or C:\Windows\System32\MicTray.exe, depending on which one is installed on your computer.
When application is disabled the media playback controls might not properly work.
More details and a list of PCs affected is available on the website of Modzero. Below are the few affected models:
- HP EliteBook 700 and 800 series G3 notebooks
- HP ProBok 600 series G2 notebooks
- HP ProBook 400 series G3 notebooks
- HP Elite x2 1012 G1 2-in-1 tablet
- HP ZBook 15u, 15, 17, and Studio G3 mobile workstations
- HP EliteBook Folio G1 notebook