<i>Actually, the purpose of the software is to recognize whether a special key has been pressed or released.</i><p>I'm doubtful of the utility of software like this. Every driver and application seems to want to keep a persistent background process running, and because of the natural inefficiency of software (this executable is ~2MB --- why it needs to be this big, I'm not certain; from a brief inspection, all it seems to be doing is controlling microphone mute/unmute), results in a huge waste of resources and new computers which appear no more responsive than older ones.<p>However, to put the severity of this problem in perspective, from the description this is not like a typical keylogger that sends keystrokes out to some remote server; it only logs locally.<p><i>If you regularly make incremental backups of your hard-drive - whether in the cloud or on an external hard-drive – a history of all keystrokes of the last few years could probably be found in your backups.</i><p>There's going to be plenty of <i>other</i> sensitive information in your backups, which if you don't want others to read you would use encryption anyway, in which case the point is rather moot.<p><i>Any process that is running in the current user-session and therefore able to monitor debug messages, can capture keystrokes made by the user.</i><p>...or it could just monitor the keystrokes itself with SetWindowsHookEx() like this process.<p>Thus, I think the correct reaction to this is more towards the "oops... that wasn't a good idea" than "everybody panic!"
One thing I really like about Linux: random platform-specific hardware features like the mic button or whatever this is are handled by an open source "platform" driver in the kernel. These drivers expose a more or less uniform interface to user code.<p>So, when I install Linux on a laptop, most or all of the weird laptop-specific buttons just work without OEM crapware or runtime performance hits.<p>The downside, of course, is that you can't just download fresh crapware to make your brand new laptop fully functional. I'll take that tradeoff.
As a rule of thumb, you have:<p><pre><code>* Decent software companies terrible at making hardware
* Decent hardware companies terrible at making software
</code></pre>
I have yet to see one that does both correctly. Hardware manufacturers are known to produce the worst code quality you can think of, badly designed, poorly written, undocumented, insecure, bloated.<p>I have the feeling that the whole IoT problem is also related.
> Actually, the purpose of the software is to recognize whether a special key has been pressed or released. Instead, however, the developer has introduced a number of diagnostic and debugging features to ensure that all keystrokes are either broadcasted through a debugging interface or written to a log file in a public directory on the hard-drive.<p>Looks like it's not intentional. Although really poor code-quality process I would say.
I'm strangely not surprised with HP and their actions (in this case, a lack thereof). It reminds me of the Bose issue a year or so back with their products.<p>And the impact which HP is going to experience is nothing. Most people still to this day really don't care/understand why this is a problem. They just want to get a computer for school, general internet surfing or watch cat videos. (Cat and Dog videos are quite interesting.)
I remember in the late 90's, early 2000's when HP was embracing Linux and open source... and then they merged with Compaq and I've seen nothing but mistake after mistake from them since.<p>I'm really tired of seeing companies positioned to make good things and better the world get focused on quarter profits and short term thinking, because it <i>always</i> bites them in the ass eventually.<p>Mismanagement from the C level <i>up</i> abounds.
> ...or it could just monitor the keystrokes itself with SetWindowsHookEx() like this process.<p>...which any AV will immediately flag. This allows malware to keylog in a much less detectable way by piggybacking off trusted HP software
This is one of the main reasons for libre/free/open/choose_your_term software.<p>Even when malice is not to be checked for, genuine error, incompetence, forgetfulness or plain indifference must be checked for.
"Neither HP Inc. nor Conexant Systems Inc. have responded to any contact requests. Only HP Enterprise (HPE) refused any responsibility, and sought contacts at HP Inc. through internal channels."<p>A keylogger and this is their response?<p>I hope they get the shit sued out of them.
To fix the super-wide article:<p><pre><code> document.querySelector('.blogbody').setAttribute("style", "max-width:650px; margin: 0px auto;");</code></pre>