Conexant audio driver for headphones, which is installed on the computers, records the user's keystrokes to a file on disk, we're told. This file – C:\Users\Public\MicTray.log – can be read by any malware running on or anyone logged into the system.
The dodgy code lurks on HP Elitebook, Probook and Zbook laptops running Windows 7 or 10 and HP's bundled software. It was discovered by researchers at Swiss outfit Modzero, who went public with the programming cockup in an advisory on Thursday. It appears to be the result of debugging routines left lingering in the driver.
Modzero suggests people delete the MicTray utility and its logs, pending the availability of a patch to kill off the key logging. It also offers a comprehensive list of affected HP laptops.
In a statement, HP acknowledged the issue and said that a software fix would soon be available: HP is committed to the security and privacy of its customers and we are aware of the keylogger issue on select HP PCs. HP has no access to customer data as a result of this issue. Our supplier partner developed software to test audio functionality prior to product launch and it should not have been included in the final shipped version. Fixes will be available shortly via HP.com.