The Swiss security research firm Modzero just published a report documenting a grave flaw in HP laptops: an audio-driver made by Conexant that captures every keystroke (to detect volume up/down and mute-button presses) and saves them to an unencrypted file on the local system, which can then be exfiltrated via a debugging API that allows remote parties to see every keystroke in realtime.
At least 28 models of HP laptop are vulnerable.
According to researchers, the keylogger feature was discovered in the Conexant HD Audio Driver Package version 184.108.40.206 and earlier.
This is an audio driver that is preinstalled on HP laptops. One of the files of this audio driver is MicTray64.exe (C:\windows\system32\mictray64.exe).
This file is registered to start via a Scheduled Task every time the user logs into his computer. According to modzero researchers, the file "monitors all keystrokes made by the user to capture and react to functions such as microphone mute/unmute keys/hotkeys."
Security Advisory: Unintended/Covert Storage Channel for
sensitive data in Conexant HD Audio Driver Package. [Modzero]
Keylogger Found in Audio Driver of HP Laptops
[Catalin Cimpanu/Bleeping Computer]
The revelation that encrypted email is vulnerable to a variety of devastating attacks (collectively known as "Efail") has set off a round of soul-searching by internet security researchers and other technical people -- can we save email?
If you're the kind of parent who wants to spy on everything your kids do, you can force them to install an app like Teensafe, which only works if your kid doesn't use two-factor authentication; you have to give it your kid's device ID and password, so if that data leaks, it would allow anyone […]
Last week, the New York Times revealed that an obscure company called Securus was providing realtime location tracking to law enforcement, without checking the supposed "warrants" provided by cops, and that their system had been abused by a crooked sheriff to track his targets, including a judge (days later, a hacker showed that Securus's security […]
Few programming languages boast the versatility and user-friendliness of Python, which is why it’s the first language of choice for many aspiring programmers. Regardless of your experience level, you can take the first step to becoming Python-savvy with the Python 3 Bootcamp Bundle, available in the Boing Boing Store for $35 this week. Featuring more than […]
We live during a time where cyberattacks regularly make news headlines, so it should come as no surprise that cybersecurity professionals are experiencing a surge in demand at even the entry level, making now the ideal time to learn the tools of the trade if you’re considering a career switch. The 2018 Supercharged Cybersecurity Bundle offers […]
It’s no secret that companies are eager to hire new project managers and pay them hefty salaries to ensure their initiatives make it from A to B. However, demand alone isn’t quite enough to get your foot in the door as a project manager these days. Without the right certifications, companies will have a hard time […]