HP has been shipping audio drivers with built-in keyloggers for at least 18 months, according to a Swiss security company.
The security firm, Modzero, claims that HP has been engaging in the practice since at least Christmas 2015. It has published a blog describing the security threat.
Through its examination of Windows Active Domain infrastructures, it found that HP released an update to its audio drivers in 2015 that introduced new diagnostic and debugging features to detect whether a special key had been pressed.
That seemed innocent enough but, on further examination, Modzero found that the audio driver package -developed and digitally signed by the audio chip manufacturer Conexant - has been poorly implemented, turning the driver "effectively into keylogging spyware".
Modzero claims that, on the basis of meta-information in the files, the keylogger has been present on HP computers since at least Christmas 2015.
Not only that, but Modzero's investigation reveals that the most recent version - 22.214.171.124 - implements the logging of all keystrokes into the file 'C:\Users\Public\MicTray.log', which can be read by anyone able to access the PC.
"Although the file is overwritten after each login, the content is likely to be easily monitored by running processes or forensic tools," the security firm suggested.
It continued: "If you regularly make incremental backups of your hard-drive - whether in the cloud or on an external hard-drive - a history of all keystrokes of the last few years could probably be found in your backups."
However, Modzero says that there's "no evidence" that the keylogger has been intentionally implemented, either by HP or Conexant. Instead, it's more likely to blame on "negligence of the developers", which although makes the whole thing a little less malicious, doesn't make the software any less harmful.
Regardless, Modzero is advising that everyone who owns a HP computer should be on guard, and check whether C:\Windows\System32\MicTray64.exe or C:\Windows\System32\MicTray.exe is installed.
"We recommend that you delete or rename the executable files so that no keystrokes are recorded anymore," it advised.
"However, the special function keys on the keyboards might no longer work as expected. If a 'C:\Users\Public\MicTray.log' file exists on the hard-drive, it should also be deleted immediately, as it can contain a lot of sensitive information such as login-information and passwords."
HP has yet to return our request for comment.
Computing's Big Data and IoT Summit 2017 and the Big Data and IoT Summit Awards are coming on 17 May 2017.
Find out what construction giant Amey, Lloyds Banking Group, Financial Times and other big names are doing in big data and the Internet of Things.
Attendance to the Summit is free to qualifying senior IT professionals and IT leaders, but places are strictly limited, so apply now.
AND on the same day, Computing is also proud to present the Big Data and IoT Summit Awards, too. See the finalists - and secure a table for your team at the Awards - now
British Airways blames 'global systems outage' for IT meltdown
Mark Zuckerberg mercilessly trolled by Harvard student newspaper after return to university he dropped out of 12 years ago
'Unauthorised user' blamed by Harvard for insulting Mark Zoinkerberg
Android under attack from 'Judy', Google Play Store malware that has infected up to 36.5 million users
Yet more Android malware discovered on the Google Play Store
Airport believes new system will be more reliable than GPS or Google Maps