Keystroke logging

How to Check if Your HP Laptop Has the Conexant Keylogger

Many HP laptops released in 2015 and 2016 have a major problem. The audio driver provided by Conexant has debugging code enabled, and it either logs all your keystrokes to a file or prints them to the system debug log, where malware could snoop on them without looking too suspicious. Here’s how to check if your PC is affected.

Why Is My HP Laptop Logging My Keystrokes?

HP says it has no access to this data, and the keylogger in question does not appear to be malicious. There’s no evidence that the keylogger actually does anything with the keystrokes it captures beyond saving them to your PC. However, this could be dangerous, as that sensitive log of keystrokes would be available to malware and may be stored in backups. In other words, it’s not malice—just incompetence.

This appears to be debugging code in the Conexant audio driver, code which should have been removed by Conexant before the driver shipped on PCs. The part of the driver which listens for media shortcut keys automatically logs the keys it sees you press. It was discovered by researchers from Modzero.

How to Check if the Keylogger Is Active

There appears to be different behavior on different HP laptops, depending on the version of the audio driver they include. On many laptops, the keylogger writes keystrokes to the C:\Users\Public\MicTray.log file. This file is wiped at each boot, but it may be captured and stored in system backups.

Navigate to C:\Users\Public\ and see if you have a MicTray.log file. Double-click it to view the contents. If you see information about your keystrokes, you have the problem driver installed.

If you do see data in this file, you’ll want to delete the MicTray.log file from any system backups it may be a part of to ensure the records of your keystrokes are erased. You should also delete the MicTray.log file from here to erase the record of your keystrokes.

Even if you don’t see…

Why Mac Apps Occasionally Ask for Access to Accessibility Features

If you use a Mac and any software that controls your keyboard, including text expanders, you’ve probably come across a dialogue box asking you to grant the app access to “accessibility features.” How-To Geek explains what that means.

Accessibility settings are gated off by Apple for security purposes because apps that help with accessibility, like text-to-speech applications or key logging applications, work by controlling certain system level services or other applications entirely. Traditionally, a Mac app is a single container that cannot access system level controls. Accessibility apps get a little more control over system access and can control other apps entirely. How-To Geek explains it like so:

In part, it uses this name because multiple accessibility applications need access to these…