Keyboard logging on Hewlett-Packard laptops

Posted 14 May 2017 at 10:28 UTC by lloydwood Share This

The Conexant audio driver on Windows HP laptops secretly logs every keystroke to disk. This is a large security hole.

Versions of the Conexant audio driver on HP laptops can log every keystroke to disk, writing to a visible file in C:\Users\Public. Your passwords, everything.

So HP issued a driver update. But that driver update is reported to still have the logging capability, turned off. Logging can be reactivated with a simple registry hack.

My future plans do not include buying devices from Hewlett-Packard, or investing in Conexant stock.

Hewlett-Packard Conexant Windows driver updates, posted 16 May 2017 at 04:31 UTC by lloydwood » (Journeyer)

HP's sp80264 driver update (11 May 2017) was quietly replaced with HP's sp80323 driver update (14 May 2017). Both versions of this driver were to fix 'audio issues'.

HP security bulletin and further developments, posted 17 May 2017 at 00:34 UTC by lloydwood » (Journeyer)

HP's official security bulletin on the issue. Meanwhile, the logger can be reused and exploited.

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!

Share this page