HP distributes keylogger infected audio drivers

User avatar
matt3o
-[°_°]-

11 May 2017, 15:22

Story: https://www.modzero.ch/modlog/archives/ ... index.html

TL;DR: HP distributed an update for Conexant audio driver that also included a keylogger. The drivers were correctly signed and this keylogger has already existed on HP computers since at least Christmas 2015. It's unclear who's responsible for this situation.

User avatar
seebart
Offtopicthority Instigator

11 May 2017, 15:31

Jeez just someone try to explain to me how something like this could be an "accident".

User avatar
rsbseb
-Horned Rabbit-

11 May 2017, 17:50

Certainly not an accident. We live in the information age and it seems that every imaginable entity has become keen on its collection. Digital privacy is dead.

User avatar
seebart
Offtopicthority Instigator

11 May 2017, 17:57

rsbseb wrote: Certainly not an accident. We live in the information age and it seems that every imaginable entity has become keen on its collection. Digital privacy is dead.
Unfortunately that's basically true. The worst part is that many people don't seem to even know and or not care. Mobile devices seem to be the worst in this respect. But it often is possible to protect ones privacy, it has gotten more elaborate in a negative sense though. What really scares me are younger users that seem to need their Mobile devices all day where chatting etc. has gotten to an addiction almost.

User avatar
Stabilized

11 May 2017, 18:39

With the amount of telemetry in Windows 10, it wouldn't surprise me if it had a complementary keylogger built in.

Findecanor

11 May 2017, 18:46

I suspect that reports on Windows 10 logging keys were actually because of Edge's address bar doing URL-completion as you type. But Chrome does that too unless you turn it off in settings.
But I would not be surprised by any real news about anything.

User avatar
matt3o
-[°_°]-

11 May 2017, 18:51

for the sake of completeness, the keylogger indeed logs all your key strokes, but it keeps them locally. There's no evidence that the log file is actually sent anywhere.

Of course it's still a huge security risk, if a hacker knows where the file is stored and gets access to your PC (remotely or locally) you are pretty much fucked.

In all honesty I feel like it's just a very (very (very)) sloppy software design and there's no malice behind it. Still if you have an HP PC you should check this: https://www.modzero.ch/advisories/MZ-17 ... logger.txt

User avatar
Madhias
BS TORPE

11 May 2017, 22:14

I read about it a few minutes ago, and thought like WTF - thinking of master passwords and similar things. Also I read even when in the file there is no text it is reading keystrokes (running this DebugView.exe), and can be read remotely running in agent mode.

User avatar
matt3o
-[°_°]-

12 May 2017, 07:54

Reading the various discussions about it, it is likely that the software has been compiled with some "debug" options and they forgot to remove them for production. It seems a reasonable enough explanation, but still

Post Reply

Return to “Off-topic”