The Swiss security research firm Modzero just published a report documenting a grave flaw in HP laptops: an audio-driver made by Conexant that captures every keystroke (to detect volume up/down and mute-button presses) and saves them to an unencrypted file on the local system, which can then be exfiltrated via a debugging API that allows remote parties to see every keystroke in realtime.
At least 28 models of HP laptop are vulnerable.
According to researchers, the keylogger feature was discovered in the Conexant HD Audio Driver Package version 18.104.22.168 and earlier.
This is an audio driver that is preinstalled on HP laptops. One of the files of this audio driver is MicTray64.exe (C:\windows\system32\mictray64.exe).
This file is registered to start via a Scheduled Task every time the user logs into his computer. According to modzero researchers, the file "monitors all keystrokes made by the user to capture and react to functions such as microphone mute/unmute keys/hotkeys."
Security Advisory: Unintended/Covert Storage Channel for
sensitive data in Conexant HD Audio Driver Package. [Modzero]
Keylogger Found in Audio Driver of HP Laptops
[Catalin Cimpanu/Bleeping Computer]
Canada’s privacy authorities on Friday said they are investigating New York-based Clearview AI over concerns the facial recognition technology may not comply with Canadian privacy law.
A leaked demo has bright red and orange marks on ‘harmfully misleading’ tweets
• U.S. State Department blames Russia for cyberattacks that hit neighboring Georgia in October 2019 • By identifying Russia’s digital assaults on neighbors, US hopes to raise awareness of ongoing GRU attacks on US
Is it just us, or does it feel like winter hasn’t been as horrendous as usual this year? Well, stats show it’s actually been one of the warmer winters on record so far this year for many eastern U.S. cities in January and February. But, almost on cue, weather experts warn signs of a serious […]
While mobile devices are all but essential and the center of so many individual universes these days, find one person who loves their wireless plan with that type of passion. Check around. We’ll wait… Didn’t find anybody, did you? That’s because most wireless plans are designed for the convenience of the provider and will nickel-and-dime […]
In the early days of the web, everyone wanted a .com domain for their site. As a result, all the good ones got snapped up. But .com no longer has the cachet it once did. In fact, many new businesses and individuals are opting for other top-level domain extensions. One of the most memorable is […]