Author

Topic: Keylogger built into HP computers? (Read 804 times)

hero member
Activity: 770
Merit: 504
(っ◔◡◔)っ🍪
May 12, 2017, 05:52:11 PM
#18
"Its bad form to be even accessing this information! Aren't there OS hooks to install shortcuts for specific key sequences? There is no reason why an audio driver should be sifting through every keystroke looking for hotkeys."
"Its bad form to be even accessing this information! Aren't there OS hooks to install shortcuts for specific key sequences? There is no reason why an audio driver should be sifting through every keystroke looking for hotkeys. If installing a global keyboard input hook is actually the "correct" way to create keyboard shortcuts to mute the microphone, then at least 10% of the blame here goes to MS."

There are three explanations to this: bad programming, some quirk we don't know that forced developers to use this kind of "keylogging" or bad intent.
Seeing how they write keystrokes to plain text file I would bet on bad programming, but you never know. 
legendary
Activity: 3906
Merit: 1373
May 12, 2017, 10:17:51 AM
#17
Get a computer.
Remove the hard drive.
Set it up to run Ubuntu from a USB port.
Keep your data on other USB drives.
Use Veracrypt and the cloud when necessary.
You'll be just fine.

Cool
newbie
Activity: 14
Merit: 0
May 12, 2017, 10:13:58 AM
#16
https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html

On a lot of Windows computers, so called "audio" software has properties that are not consistent with what one would expect.

So if I remove Windows and install Ubuntu on a HP Notebook, the keylogger will be removed?

Not exactly.

If you do that then you will be targeted as a person trying to avoid surveillance. What are you trying to cover up? What is it that you do not want authorities to see? What are you hiding?

You will jump from "level one / general scrutiny" to "level two / enhanced scrutiny" by the security services in your country. 

https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt

I know I will become a priority but will it remove that actual keylogger?

I am not an expert in this, but Windows uses one kind of file system and Linux another, so nothing that existed on your Windows install would carry over to a Linux install.


It may not be what you want, but here is a more practical answer. Government types, people who have lived only for their bureaucracy, are taking enormous steps to control crypto. Look at the vast sums being spent to prop up Ripple, Ether, Monero etc, before coins are even mainstream.

No matter what you do and which operating system you use, there are government agencies that want access to your coins. They would not let you have cash that they could not control, and those types of people are not happy that they do not control your coins.

Linux is probably as hacked as Windows. Governments have not just been sitting by saying "oh, we cannot hack Linux, we will stick with hhacking Windows".

The smarter solution to bitcoin security is physical limitations on access to keys, such as offline computers, rather than os changes.

You always have to worry about hackers, and it is a shame that the most dangerous and harmful hackers are cowardly bureaucrats in our own governments, but there is little we can do.

Be aware of threats, usb driver hacks, Windows hacks, antivirus cooperation with govts etc, do your best, and when the day is over go to sleep.
sr. member
Activity: 504
Merit: 250
May 12, 2017, 07:28:23 AM
#15
I’m not really surprised by this, whether it was an accidental or purposeful keyloger. I do have an HP laptop, although luckily for me I couldn’t find this on it.

For anybody who uses Windows I highly recommend a program called Tinywall; with it you can disable internet access to all software except the software you choose. As a last line of defense it would prevent malware or a keylogger from connecting to the internet and sending information to a remote location (you can also use it to disable Windows update, which is a vulnerability as shown in the Vault 7 leaks).

So if I remove Windows and install Ubuntu on a HP Notebook, the keylogger will be removed?
Not exactly.
If you do that then you will be targeted as a person trying to avoid surveillance. What are you trying to cover up? What is it that you do not want authorities to see? What are you hiding?
You will jump from "level one / general scrutiny" to "level two / enhanced scrutiny" by the security services in your country.  
https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt
I know I will become a priority but will it remove that actual keylogger?
Yes, it should since the malware is in inside a .exe file installing another OS should fix it. In fact I’m not sure if you’d even become a higher priority target if you remove/disable the keylogger; I can’t imagine how many users disable it by installing Linux or running a firewall, so I don’t think you’re going to get any attention. Generally the US government (as far as I’m aware of thanks to leaks) generally only has computers mass read data, they don’t have the time to personally sit down and see why everybody’s connection was encrypted or computer stopped sending logs.

I’d also like to remind people that it’s not a given that the NSA/CIA is using this exploit/malware. They have other ways in if they really need.
legendary
Activity: 1806
Merit: 1090
Learning the troll avoidance button :)
May 12, 2017, 05:58:56 AM
#14
https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html

On a lot of Windows computers, so called "audio" software has properties that are not consistent with what one would expect.

It doesn't surprise me as Windows 10 is basically tracker software without modification so installing a non publicized backdoor with a Coexnant verification signature could imply it's a CIA/NSA approved codex. Although the part that says there is no evidence that this keylogger has been intentionally implemented, could also be plausible deniability as the note mentioned and code is sloppy but their is always the point of do people really check these things and if they do it takes a while so until its pointed out we can just run with it etc.

"Obviously, it is a negligence of the developers - which makes the software no less harmful. If the developer would just disable all logging, using debug-logs only in the development environment, there wouldn't be problems with the confidentiality of the data of any user."

Still since HP and Conexant were moot on the topic when modezero mentioned it so the former seems plausible.
hero member
Activity: 616
Merit: 500
May 12, 2017, 05:46:33 AM
#13
https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html

On a lot of Windows computers, so called "audio" software has properties that are not consistent with what one would expect.

So if I remove Windows and install Ubuntu on a HP Notebook, the keylogger will be removed?

Not exactly.

If you do that then you will be targeted as a person trying to avoid surveillance. What are you trying to cover up? What is it that you do not want authorities to see? What are you hiding?

You will jump from "level one / general scrutiny" to "level two / enhanced scrutiny" by the security services in your country. 

https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt

I know I will become a priority but will it remove that actual keylogger?
staff
Activity: 3500
Merit: 6152
May 12, 2017, 12:55:45 AM
#12
I was just reading about this a few minutes ago, whoever is having a bitcoin wallet installed on his device, should probably move it at this point. It's not really affordable to lose anything at this point with the price going UP. If the malware is on the Audio driver, installing another OS is probably not going to help.
newbie
Activity: 14
Merit: 0
May 11, 2017, 07:44:07 PM
#11
Because writing log of keystrokes to C:\Users\Public\MicTray.log suggests it. If it was real keylogger its output should be hidden, at least to some extent. I understand that writing to Public directory may have its merits, but with NTFS filesystem there are ways to hide real content of a file, which apparently wasn't employed here.

A few concerns though.

From the article

"A keylogger is a piece of software for which the case of dual-use can rarely be claimed. This means there are very few situations where you would describe a keylogger that records all keystrokes as 'well-intended'. A keylogger records when a key is pressed, when it is released, and whether any shift or special keys have been pressed. It is also recorded if, for example, a password is entered even if it is not displayed on the screen." https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html

Remember, this is an audio driver.

" So what's the point of a keylogger in an audio driver? Does HP deliver pre-installed spyware? Is HP itself a victim of a backdoored software that third-party vendors have developed on behalf of HP? The responsibility in this case is uncertain, because the software is offered by HP as a driver package for their own devices on their website. On the other hand, the software was developed and digitally signed by the audio chip manufacturer Conexant."

"Conexant is a manufacturer of integrated circuits, emerging from a US armaments manufacturer. Primarily, they develop circuits in the field of video and audio processing. Thus, it is not uncommon for Conexant audio ICs to be populated on the sound cards of computers of various manufacturers. Conexant also develops drivers for its audio chips, so that the operating system is able to communicate with the hardware."

And here we start wandering onto fluffy ground...

"Apparently, there are some parts for the control of the audio hardware, which are very specific and depend on the computer model - for example special keys for turning on or off a microphone or controlling the recording LED on the computer. In this code, which seems to be tailored to HP computers, there is a part that intercepts and processes all keyboard input."

"Actually, the purpose of the software is to recognize whether a special key has been pressed or released. Instead, however, the developer has introduced a number of diagnostic and debugging features to ensure that all keystrokes are either broadcasted through a debugging interface or written to a log file in a public directory on the hard-drive."

I'm going to call that probably utter bullshit.  

"Furthermore, the OutputDebugString API provides a covert channel for malware to record real-time keystrokes without using native Windows functions, usually under the watchful eye of antivirus software." https://www.bleepingcomputer.com/news/security/keylogger-found-in-audio-driver-of-hp-laptops/

One of the recurring themes in government spyware has been built in tools that provide access to governments and at the same time deniability to the company. This looks like it falls in that category, rather than 'accidentally poor design'.

'

"Its bad form to be even accessing this information! Aren't there OS hooks to install shortcuts for specific key sequences? There is no reason why an audio driver should be sifting through every keystroke looking for hotkeys. If installing a global keyboard input hook is actually the "correct" way to create keyboard shortcuts to mute the microphone, then at least 10% of the blame here goes to MS."

"Setting a global hook through SetWindowsHookEx instead of using the RegisterHotkey API is indeed a strange way to do this. That, along with the other things mentioned makes me wonder about the developers that wrote this. " Public comment from https://arstechnica.com/security/2017/05/hp-laptops-covert-log-every-keystroke-researchers-warn/

'

An interesting comment about Lenovo / superfish "Surprisingly, the behavior largely escaped the notice of security and privacy advocates, until now." https://arstechnica.com/security/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections/ Very different, but the comment is significant.

Oldest reverences I can find to the news are 4chan and http://forums.hardwarezone.com.sg/notebook-clinic-77/hp-users-beware-keylogger-found-audio-driver-hp-laptops-5616858.html and https://www.codeproject.com/Insider.aspx?msg=5395039  Shocked

Was this kind of shit about hp computers that has keyloggers being distributed world wide or it is just on the US? Why the fck would they surveillance us we are not a part of the US. Why would HP company do that lol

You may not be part of the U.S. but the U.S. owns you. Now get back to work.

https://s-media-cache-ak0.pinimg.com/originals/19/67/de/1967dec50c88ca01ba9e13715e1c6ac9.gif
hero member
Activity: 910
Merit: 500
May 11, 2017, 07:02:01 PM
#10
Was this kind of shit about hp computers that has keyloggers being distributed world wide or it is just on the US? Why the fck would they surveillance us we are not a part of the US. Why would HP company do that lol
sr. member
Activity: 630
Merit: 263
May 11, 2017, 06:24:05 PM
#9
Who even knows exactly what is contained in all operating systems? It seems to me that they not only can secretly gather information about the user, but in case of war can turn off all the computers of the enemy. Why not? Theoretically this is possible. With the advent of the Internet we have lost our privacy and now only create for ourselves the illusion of security.
hero member
Activity: 770
Merit: 504
(っ◔◡◔)っ🍪
May 11, 2017, 06:12:44 PM
#8
Because writing log of keystrokes to C:\Users\Public\MicTray.log suggests it. If it was real keylogger its output should be hidden, at least to some extent. I understand that writing to Public directory may have its merits, but with NTFS filesystem there are ways to hide real content of a file, which apparently wasn't employed here.
newbie
Activity: 14
Merit: 0
May 11, 2017, 06:03:53 PM
#7
It looks more like very bad design decision than intentional keylogger, but unfortunately due to the nature of keylogging mechanism it can be utilized by bad guys. I hope this will get picked by security monitoring software so affected users will know they should deactivate this "feature".

What makes you say "more like very bad design decision than intentional keylogger"?

The Vault 7 stuff https://wikileaks.org/ and other material shows that a lot of computer companies, Microsoft et al, have assisted in providing backdoors into computers, manufacturing weaknesses into computers used by individuals.

Do you really believe that this case, a rather delayed discovery, was an inadvertant 'bad design decision'Huh
hero member
Activity: 770
Merit: 504
(っ◔◡◔)っ🍪
May 11, 2017, 05:51:48 PM
#6
It looks more like very bad design decision than intentional keylogger, but unfortunately due to the nature of keylogging mechanism it can be utilized by bad guys. I hope this will get picked by security monitoring software so affected users will know they should deactivate this "feature".
newbie
Activity: 14
Merit: 0
May 11, 2017, 03:54:12 PM
#5
https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html

On a lot of Windows computers, so called "audio" software has properties that are not consistent with what one would expect.
Would this also imply that malicous code is embedded on the audio chip?

What do you mean by malicious?

sr. member
Activity: 259
Merit: 250
May 11, 2017, 03:46:38 PM
#4
https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html

On a lot of Windows computers, so called "audio" software has properties that are not consistent with what one would expect.
Would this also imply that malicous code is embedded on the audio chip?
newbie
Activity: 14
Merit: 0
May 11, 2017, 03:25:16 PM
#3
https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html

On a lot of Windows computers, so called "audio" software has properties that are not consistent with what one would expect.

So if I remove Windows and install Ubuntu on a HP Notebook, the keylogger will be removed?

Not exactly.

If you do that then you will be targeted as a person trying to avoid surveillance. What are you trying to cover up? What is it that you do not want authorities to see? What are you hiding?

You will jump from "level one / general scrutiny" to "level two / enhanced scrutiny" by the security services in your country. 

https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt
hero member
Activity: 616
Merit: 500
May 11, 2017, 03:08:47 PM
#2
https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html

On a lot of Windows computers, so called "audio" software has properties that are not consistent with what one would expect.

So if I remove Windows and install Ubuntu on a HP Notebook, the keylogger will be removed?
newbie
Activity: 14
Merit: 0
May 11, 2017, 03:06:31 PM
#1
https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html

On a lot of Windows computers, so called "audio" software has properties that are not consistent with what one would expect.
Jump to: