HP computers shipping with keylogger installed, not as malicious as it sounds


This seems to be more of an issue of lazy development rather than intended maliciousness.

When you hear the word keylogger, chances are good you immediately think of malware. That’s an easy leap to make, as more often than not code that saves every letter you type is used for nefarious purposes. HP computers have been found with an active keylogger installed, though it seems it might not be as bad as you’d probably think.

If you’ve got an HP computer or laptop, you may want to check whether C:\Windows\System32\MicTray64.exe or C:\Windows\System32\MicTray.exe is installed. If so, those apps are recording everything you type and storing it as plain text on your hard drive. There’s quite a bit of good news, as is rarely the case in these instances. This seems to be more of an issue of lazy development rather than intended maliciousness.

These apps are part of a driver package that has been offered by HP since 2015 for Conexant audio chips. The drivers allow a series of key presses to activate or deactivate features of the chips. Things like turning the mic on, starting to record, or disabling the recording LED can be handled by various keystrokes. To recognize these keystrokes, the apps record everything that you type so they can respond appropriately when the necessary keys are pressed. If you’re on an HP computer and have either of those apps installed, just go to C:\Users\Public\MicTray.log to see what you’ve been typing.

In continued good news, this log file is overwritten every time you reboot your machine, so there’s not an extended log of all of your actions — unless you don’t reboot or turn off your computer very often. Your computer also is not using this log for anything other than the audio drivers, and it’s not sending that log anywhere for anyone to potentially steal your passwords. It’s mostly just creepy on its own.

This issue was discovered by security researchers at modzero AG. They did what we’d hope all good citizens would do and notified HP of their discovery. HP Enterprise refused to take responsibility, while HP Inc. and Conexant simply ignored the issue. So, modzero released their findings publicly as part of their Responsible Disclosure process.

The screenshot is in German, but I’d imagine you can probably figure out what it’s showing.

Ridding yourself of the problem is also exceptionally easy. Simply rename the executable (MicTray.exe or MicTray64.exe) to something other than its intended name. This will have the side effect of removing those great keyboard shortcuts from your audio drivers, but when the alternative is having everything you type saved to a plain text file I’d imagine you’ll be able to live without a few keyboard shortcuts.
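
The check and the rename described above, as an added PowerShell example (not code from modzero, HP or the original article), meant to be saved as a .ps1 file. The file paths are the article's; the `-Rename` switch and the `.disabled` suffix are assumptions, and renaming files under System32 requires an elevated prompt.

```powershell
# Added example: audit for the Conexant MicTray component named in the article.
# Paths come from the article; -Rename and the ".disabled" suffix are assumptions.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Rename   # apply the article's mitigation (rename the executable)
)

$exePaths = @(
    'C:\Windows\System32\MicTray64.exe',
    'C:\Windows\System32\MicTray.exe'
)
$logPath = 'C:\Users\Public\MicTray.log'

# Collect whichever of the two executables actually exists on this machine.
$found = @(foreach ($path in $exePaths) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        Get-Item -LiteralPath $path
    }
})

if ($found.Count -eq 0) {
    Write-Output 'MicTray executables not found in System32.'
} else {
    foreach ($exe in $found) {
        # A running instance keeps writing the log until it is stopped.
        $running = [bool](Get-Process -Name $exe.BaseName -ErrorAction SilentlyContinue)
        Write-Output ("Found {0} (running: {1})" -f $exe.FullName, $running)

        if ($Rename -and $PSCmdlet.ShouldProcess($exe.FullName, 'Rename')) {
            if ($running) {
                Stop-Process -Name $exe.BaseName -Force
            }
            Rename-Item -LiteralPath $exe.FullName -NewName ($exe.Name + '.disabled')
            Write-Output ("Renamed to {0}.disabled" -f $exe.Name)
        }
    }
}

# Report the log's metadata only; its contents may include typed passwords.
if (Test-Path -LiteralPath $logPath -PathType Leaf) {
    $log = Get-Item -LiteralPath $logPath
    Write-Output ("Log present: {0}, {1} bytes, last written {2}" -f `
        $log.FullName, $log.Length, $log.LastWriteTime)
} else {
    Write-Output "No log at $logPath."
}
```

Run it without arguments to audit only; add `-Rename -WhatIf` to preview the rename before applying it.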

Do you have an HP computer with these audio drivers installed? Have you checked your log file to see what it’s been saving? Do you think that HP and/or Conexant should really just fix this issue rather than ignoring it? Tell us what you think in the comments below or on Google+, Twitter, or Facebook.

  Source: modzero  Via: PC Mag
