In a recent statement by Swiss Infosec group, ModZero, your HP might be recording your keystrokes and logging sensitive information and reporting it back to HP.
The latest list of impacted devices are below:
- HP EliteBook 820 G3 Notebook PC
- HP EliteBook 828 G3 Notebook PC
- HP EliteBook 840 G3 Notebook PC
- HP EliteBook 848 G3 Notebook PC
- HP EliteBook 850 G3 Notebook PC
- HP ProBook 640 G2 Notebook PC
- HP ProBook 650 G2 Notebook PC
- HP ProBook 645 G2 Notebook PC
- HP ProBook 655 G2 Notebook PC
- HP ProBook 450 G3 Notebook PC
- HP ProBook 430 G3 Notebook PC
- HP ProBook 440 G3 Notebook PC
- HP ProBook 446 G3 Notebook PC
- HP ProBook 470 G3 Notebook PC
- HP ProBook 455 G3 Notebook PC
- HP EliteBook 725 G3 Notebook PC
- HP EliteBook 745 G3 Notebook PC
- HP EliteBook 755 G3 Notebook PC
- HP EliteBook 1030 G1 Notebook PC
- HP ZBook 15u G3 Mobile Workstation
- HP Elite x2 1012 G1 Tablet
- HP Elite x2 1012 G1 with Travel Keyboard
- HP Elite x2 1012 G1 Advanced Keyboard
- HP EliteBook Folio 1040 G3 Notebook PC
- HP ZBook 17 G3 Mobile Workstation
- HP ZBook 15 G3 Mobile Workstation
- HP ZBook Studio G3 Mobile Workstation
- HP EliteBook Folio G1 Notebook PC
According to ModZero’s blogpost, an update to the drivers in 2015 was meant to capture specific keystrokes as a diagnostic measure, however, the poor implementation made the driver behave like a key logger, capturing every single keystroke.
That alone is reason to worry, but the more troubling news is a later revision to the driver introduced a logging measure, where the driver would capture the keystrokes and then log them to C:\Users\Public\MicTray.log.
It is worth mentioning, when you log out or restart your computer the log file is wiped, but this measure doesn’t protect our customers who subscribe to our cloud backup solutions.
There are some work-arounds, one of which is to rename the MicTray / MicTray64.exe file – but doing this will ultimately resort to a loss in some keyboard functionality and/or hotkey usage.
We recommend impacted users and customers to reach out to us at (678) 829-8448 so we can remediate this issue for you!