Schroeder says he attempted to contact Conexant about the driver twice, once via email in April and again in May via Twitter, but failed to hear back both I'm looking for a software security contact at Conexant.
“If the developer would just disable all logging, using debug-logs only in the development environment, there wouldn’t be problems with the confidentiality of the data of any user,” Schroeder wrote Thursday. Thorsten Schroeder, ModZero’s senior security consultant and CEO, says there’s no proof the program was intentionally implemented but that it mostly demonstrates the developers’ “negligence.” Researchers say it’s not known if the log data is submitted to Conexant or for that matter why the keystrokes are logged being logged in the first place. Researchers surmised the software has been recording keystrokes since version 1.0.0.31 was released, on Christmas Eve 2015, but stress that the same problem exists in the most recent version, 1.0.0.46, released last October. While the file is overwritten each time, ModZero says it could easily be recruited by a running process or analyzed by someone with forensic tools. Furthermore, since the program isn’t considered malicious, malware authors wouldn’t have trouble capturing victim’s keystrokes either. Researchers say the keylogger comes registered as a Microsoft Scheduled Task, so it runs after each user login. Anyone with access to the unencrypted file system could recover the data. ModZero is warning the issue (CVE-2017-8360) could lead to the leaking of sensitive user information, such as passwords. The keylogger broadcasts the keystrokes through a debugging interface and writes them to a log file, C:\Users\Public\MicTray.log. Researchers with the firm say the program monitors all keystrokes made by the user and that it’s been programmed to capture and react to functions such as microphone mute/unmute keys/hotkeys.
ModZero, a Swiss security firm, found the file–which it calls a keylogger, and disclosed it Thursday via an advisory on its site. The culprit appears to be version 1.0.0.31 of MicTray64.exe, a program that comes installed with the Conexant audio driver package on select HP machines. An audio driver that comes installed on some HP-manufactured computers records users’ keystrokes and stores them in a world-readable plaintext file, researchers said Thursday.
0 kommentar(er)
