According to Swiss infosec firm ModZero, certain HP laptops have inadvertently been logging your keystrokes every time you use the devices. According to the post by ModZero, the keylogger was discovered in the Conexant HD audio driver package (version 1.0.0.46 and earlier), found on dozens of HP business and enterprise laptop models. A few consumer models were also affected.
The update had initially been released in 2015, though it was a later update that made the patch an accidental keylogger. As a result, the unintentional keylogger would store your keypresses to a log file stored locally on the user’s system. This is found at C:\Users\Public\MicTray.log. While this log file would get wiped upon logging out or restarting your system, users who often backed up their HP laptops could unwittingly be creating permanent records of everything they typed, every time they logged in.
HP was quick to respond, with a spokesperson stating the following, “HP is committed to the security and privacy of its customers and we are aware of the keylogger issue on select HP PCs. HP has no access to customer data as a result of this issue.”
Furthermore, according to HP vice-president Peter Nash, a fix was soon made available, both on Windows Update and on HP’s website for 2016 and post-2016 models. Meanwhile, 2015 models would receive the patch today. According to him, the keylogger-type feature was never meant to make it out to the final devices, as it was accidentally added to the driver’s production code.
