HP's stupid audio-driver logs every keystroke you make (and it has an API!)

Originally published at: http://boingboing.net/2017/05/11/thanks-conexant.html

1 Like

Logging every key in case someone might hit a “volume down” button… This should win some engineering anti-prize. Probably involving a forced full colonoscopy by a machine of winner’s own design.

17 Likes

If I still adhered to Hanlon’s razor, I would say it looks like a debug build made it to the wild.

10 Likes

I don’t really understand the logic behind this keylogger at all. What exactly is the purpose of capturing/tracking key presses? I can’t imagine how someone thought this was a good idea and that it could not be used maliciously. HP can’t be that stupid… right? /s

3 Likes

It was likely a debug feature that was missed when the code got released. So it’s probably stupid for different reasons.

5 Likes

By the loser’s might be more interesting.

[quote]a grave flaw in HP laptops: an audio-driver made by Conexant[/quote]Wouldn’t that make it “Conexant’s stupid audio-driver”, then? A rather crucial distinction, I would think; HP is hardly Conexant’s only client and those who find this particularly alarming would probably do well to specifically avoid Conexant’s other products.

Let’s see…

In December 2016, Conexant and Amazon co-announced the AudioSmart 2-Mic Development Kit for Amazon AVS, a commercial-grade reference solution that streamlines the design and implementation of audio front end systems. Based on the Conexant AudioSmart™ CX20921 Voice Input Processor, the dual microphone board was designed to reduce time-to-market for new third-party voice-enabled Alexa devices

Uh-oh.

4 Likes

Does anyone know if it captures keystrokes when the UAC dialog is active?

1 Like

Recently we had a career fair for middle and high school kids. Everybody for miles around was there. Lots of free food. Lots of neat things to do. The kids loved it.

For one of our IT displays, we displayed the traffic of a wireless network using a network visualization tool. When the kids connected to the wifi, they could see their traffic. They loved doing different things on their phones and tablets and seeing what happened.

Somebody had surreptitiously placed a surveillance tracker on a kid’s phone. Every thing he did caused a burst of traffic to a remote IP. When he scrolled a screen there was a burst of traffic to that IP, When he typed a character there was a burst of traffic to that IP. When he opened up “Settings” there was a burst of traffic to that IP. When he examined the list of installed apps, there was a burst of traffic to that IP. It was tracking everything he did.

The poor kid was absolutely heartbroken when he realized what was going on. His face turned pale. He could not talk. His friends all took a step back and stared at him like he was contagious.

I didn’t know how to make it better. I tried: “If he is being monitored by a government, they didn’t really care what he was doing.” Nobody seemed reassured…

I didn’t realize my mistake until much later. I kept babbling on and on about types of RAT (Remote Access Tools) and the rise of the surveillance state. Eventually I stuttered to a stop when I saw the intense look of horror and betrayal on the kids face.

You could not have hurt him more by stabbing him in the back with a knife. No amount of glib “Et tu Brute?” was going to make it better. His world had just become a dark, treacherous place. Somebody that he trusted, did not trust him. And, by placing the tracker on him in secret, they demonstrated that they were not worthy of trust. He had no way of knowing who it was. He probably suspected everybody.

I still have no idea what I could have said to restore the possibility of love and trust to that kid.

13 Likes

Odds-on it was his parents. Poor kid.

3 Likes

I used to do IT work as a side hustle. Some rich guy, who was CEO of a small insurance broker. He asked me to acquire and install a tracker on his kids machines, which did not try to hide it’s presence. It also worked as a filter for allowed applications and websites.

That guy is in jail now (for something else). The company around 2006 asked me to give an interview about the software for a local news channel. I declined saying the software was both unethical and ham fisted (and it was).

Probably for the best. Given the nature of the evidence; your only real option would have involved spinning some convincing lies.

There just isn’t a way to say “Odds are extremely good that one of the trusted parties with reasonably frequent physical access to your phone has stabbed you in the back; and planned to continue deceiving you about that fact for an unknown and potentially indefinite period of time. Also, anything that you kids these days do on your phones has already been disclosed to whoever that is, which probably includes a lot of material you would prefer be private.” that makes it sting less; because it’s a pretty damn serious insider threat problem; with the added bonus that the list of possible insiders is mostly people you hope(or are expected) to trust and look up to; not just some disgruntled employee.

My work computer is an HP, and does not have this file on it, so obviously not universa.

In my brief testing (going to a station that is logging and opening an admin command prompt) it doesn’t seem to have. There’s some other thing going on as well because I had a computer that was logging but after replacing the .exe to do testing on it it stopped logging - of our 77 machines affected by this I only seem to have 5 that are actually keeping a log file.

1 Like

Assuming this is a standard user-mode keylogger (i.e. it just listens for windows keyboard messages) then it would be impossible because the UAC dialog lives in a separate desktop (called the Secure Desktop), and message-hooks can only intercept messages sent on the same desktop, similarly the lock screen also lives in it’s own desktop, so you couldn’t log keypresses from there either. You could probably write a keylogger that hooks the kernel keyboard driver or something to get around that, not sure, that would need to run elevated itself of course.

1 Like

Thanks for that. My concern was that as a driver it interacts with the HAL which seems to me a greater risk than a user mode application might present.

I’m sure it tries to log the keys, but the HAL tells it “I’m afraid I can’t do that, Dave.”

3 Likes

My ancient, slow, apparently indestructible Gateway laptop has the Conexant driver. We have a small business and routinely get hacked despite my best security practices. I refuse to purchase a new computer for the crook(s) to pwn. HP has addressed their problem but Gateway website=nada. Will HP’s search-and destroy work for me?

This topic was automatically closed after 5 days. New replies are no longer allowed.