Skip to main content

Some HP laptops could have a dangerous keylogger

(Image credit: Image Credit: Elena11 / Shutterstock)

Some of HP's leading laptops may have shipped carrying a keylogger, researchers have revealed. 

Experts from Switzerland-based security consulting firm Modero have released a report stating that more than two dozen HP laptop brands come with a problematic audio device driver. 

The driver has a component named MicTray64.exe, which allows the driver to respond when certain keys on the keyboard are pressed.  However, it also logs all of the keys pressed, and sends them – unencrypted – to a debugging interface, or writes them down on the C drive. The log file, which can be found on this location - C:\Users\Public\MicTray.log (if you have an HP laptop) and gets rewritten every time the machine is rebooted, but there are ways it could stay unaltered for weeks, months even. 

"This type of debugging turns the audio driver effectively into keylogging spyware," modzero researchers wrote. "On the basis of meta-information of the files, this keylogger has already existed on HP computers since at least Christmas 2015." 

“There is no evidence that this keylogger has been intentionally implemented. Obviously, it is a negligence of the developers - which makes the software no less harmful. If the developer would just disable all logging, using debug-logs only in the development environment, there wouldn't be problems with the confidentiality of the data of any user.” 

Following the announcement, HP was quick to reach out to ITProPortal, saying it had no access to customer data, and that a fix will be available soon:

"HP is committed to the security and privacy of its customers and we are aware of the keylogger issue on select HP PCs. HP has no access to customer data as a result of this issue. Our supplier partner developed software to test audio functionality prior to product launch and it should not have been included in the final shipped version. Fixes will be available shortly via"

The exact technical details and documents can be found in modzero’s Security Advisory (opens in new tab)

Image Credit: Elena11 / Shutterstock

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.