按鍵記錄器會(huì)通過(guò)監(jiān)控用戶所按下的鍵來(lái)記錄所有的按鍵。惡意軟件和木馬通常會(huì)使用這種功能來(lái)竊取用戶賬戶信息、信用卡號(hào)、密碼等私人信息?;萜沼?jì)算機(jī)帶有集成電路廠商Conexant開(kāi)發(fā)的音頻芯片,該廠商還會(huì)為音頻芯片開(kāi)發(fā)驅(qū)動(dòng)即Conexant高清音頻驅(qū)動(dòng),有助于軟件跟硬件通信。根據(jù)計(jì)算機(jī)機(jī)型的不同,惠普還將一些代碼嵌入由Conexant開(kāi)發(fā)的音頻驅(qū)動(dòng)中從而控制特殊鍵如鍵盤上的Media鍵。
這個(gè)記錄文件位于公用文件夾C:\Users\Public\MicTray.log中,包含很多敏感信息如用戶登錄數(shù)據(jù)和密碼,其它用戶或第三方應(yīng)用程序都可訪問(wèn)。因此安裝到計(jì)算機(jī)上的惡意軟件甚至是能物理接近計(jì)算機(jī)的人都能夠復(fù)制日志文件并訪問(wèn)所有的用戶按鍵、提取敏感數(shù)據(jù)如銀行詳情、密碼、聊天日志和源代碼。
2015年,這個(gè)按鍵記錄功能以新的診斷功能身份在惠普音頻驅(qū)動(dòng)版本1.0.0.46中推出,并自此有近30款惠普計(jì)算機(jī)都內(nèi)置有這種功能。
受影響的機(jī)型包括HP Elitebook 800系列、EliteBook Folio G1、HP ProBook 600和400系列等等。完整列表如下:
硬件產(chǎn)品型號(hào)(S)
HP EliteBook 820 G3 Notebook PC
HP EliteBook 828 G3 Notebook PC
HP EliteBook 840 G3 Notebook PC
HP EliteBook 848 G3 Notebook PC
HP EliteBook 850 G3 Notebook PC
HP ProBook 640 G2 Notebook PC
HP ProBook 650 G2 Notebook PC
HP ProBook 645 G2 Notebook PC
HP ProBook 655 G2 Notebook PC
HP ProBook 450 G3 Notebook PC
HP ProBook 430 G3 Notebook PC
HP ProBook 440 G3 Notebook PC
HP ProBook 446 G3 Notebook PC
HP ProBook 470 G3 Notebook PC
HP ProBook 455 G3 Notebook PC
HP EliteBook 725 G3 Notebook PC
HP EliteBook 745 G3 Notebook PC
HP EliteBook 755 G3 Notebook PC
HP EliteBook 1030 G1 Notebook PC
HP ZBook 15u G3 Mobile Workstation
HP Elite x2 1012 G1 Tablet
HP Elite x2 1012 G1 with Travel Keyboard
HP Elite x2 1012 G1 Advanced Keyboard
HP EliteBook Folio 1040 G3 Notebook PC
HP ZBook 17 G3 Mobile Workstation
HP ZBook 15 G3 Mobile Workstation
HP ZBook Studio G3 Mobile Workstation
HP EliteBook Folio G1 Notebook PC
操作系統(tǒng)(S)
Microsoft Windows 10 32
Microsoft Windows 10 64
Microsoft Windows 10 IOT Enterprise 32-Bit (x86)
Microsoft Windows 10 IOT Enterprise 64-Bit (x86)
Microsoft Windows 7 Enterprise 32 Edition
Microsoft Windows 7 Enterprise 64 Edition
Microsoft Windows 7 Home Basic 32 Edition
Microsoft Windows 7 Home Basic 64 Edition
Microsoft Windows 7 Home Premium 32 Edition
Microsoft Windows 7 Home Premium 64 Edition
Microsoft Windows 7 Professional 32 Edition
Microsoft Windows 7 Professional 64 Edition
Microsoft Windows 7 Starter 32 Edition
Microsoft Windows 7 Ultimate 32 Edition
Microsoft Windows 7 Ultimate 64 Edition
Microsoft Windows Embedded Standard 7 32
Microsoft Windows Embedded Standard 7E 32-Bit
研究人員還告警稱“很可能其它使用了Conexant硬件和驅(qū)動(dòng)器的硬件廠商”也受影響。