HP rolling out a fix for flaw that caused some PCs to log every keystroke

A few HP laptop models were said to be affected by a security flaw caused by a version of the Conexant audio driver that was not meant to be shipped with the machines and had a built-in keystroke logger. HP has now said that it is rolling out a fix for this flaw.

 
What is a keylogger?
A keylogger is a piece of software for which a dual-use case can rarely be made: there are very few situations in which a keylogger that records all keystrokes could be described as ‘well-intended’. A keylogger records when a key is pressed, when it is released, and whether any shift or special keys have been pressed. Keystrokes are recorded even when, as with a password, the input is not displayed on the screen.

The fix for the HP keystroke logging security flaw has been issued with a Windows update released on Friday for the following 2016 HP PC models: EliteBook, ProBook and ZBook. Owners of these HP devices and owners of 2015 models are advised to download the update right away.

Is HP itself a victim of backdoored software that third-party vendors developed on behalf of HP?
Responsibility in this case is uncertain, because the software is offered by HP on its website as a driver package for its own devices. On the other hand, the software was developed and digitally signed by the audio chip manufacturer Conexant.

Conexant is a manufacturer of integrated circuits that emerged from a US armaments manufacturer. It primarily develops circuits for video and audio processing, so it is not uncommon to find Conexant audio ICs on the sound cards of computers from various manufacturers. Conexant also develops drivers for its audio chips, so that the operating system is able to communicate with the hardware. Apparently, some parts of the code that controls the audio hardware are very specific and depend on the computer model, for example special keys for turning a microphone on or off or for controlling the recording LED on the computer. In this code, which seems to be tailored to HP computers, there is a part that intercepts and processes all keyboard input.

The actual purpose of the software is to recognize whether a special key has been pressed or released. However, the developer introduced a number of diagnostic and debugging features which ensure that all keystrokes are either broadcast through a debugging interface or written to a log file in a public directory on the hard drive. This type of debugging effectively turns the audio driver into keylogging spyware. Based on the metadata of the files, this keylogger has existed on HP computers since at least Christmas 2015.

According to Axios, HP did not access or share the data that was stored in the files, but the presence of the key-logging code and the files could have posed a security threat to customers. HP says this fix will remove the key-logging code and the files that stored the keystrokes. Owners should also delete any backups they created before updating Windows, as these may contain multiple copies of their keystroke data.

An HP Vice President told Axios in a statement that the keystroke logging code was debugging code that must have been left in unintentionally by Conexant, the company that made the audio driver for HP’s PC models, and it “should never have been included on shipping PCs.” He further explained that the company never had any intention to include that software or record users’ keystroke data. “It was something that was there in development process and should have been removed,” he added.

Notably, the security firm Modzero had earlier notified HP and Conexant about the keystroke logging flaw; however, HP’s Nash said that the company had already been working on the fix before Modzero’s notification.
