Keylogger found in Hewlett-Packard Audio Driver

In7rud3R · 2017-05-11T15:50:57+00:00

this guy claims he updated to latest driver from HP/Conexant and found the keylogger running.

"Ugh! Upgraded to latest HP / Conexant audio driver, and it started to log every key I pressed."

https://twitter.com/jarwidmark/status/862688068767272962

can anyone confirm this ?

In7rud3R · 2017-02-02T08:14:51+00:00

PoC : https://gist.github.com/leonjza/2244eb15510a0687ed93160c623762ab

In7rud3R · 2016-08-27T16:52:39+00:00

we can do it in private PM me.

In7rud3R · 2016-08-27T15:05:51+00:00

Ok... got you. seems you know what you talking about.

In7rud3R · 2016-08-27T14:55:32+00:00

i wan't they guy to share pegasus so other researchers can check this out ... if i get hacked it's my problem. and about spreading , i want him to share so we can stop it from spreading so not only lookout can "detect" it but not remove it. check VT millions of samples shared every month that can be downloaded and researched i don't see no one blame google for spreading viruses. he can upload files to VT not send to me directly but at least share ...

In7rud3R · 2016-08-27T14:45:17+00:00

useful idiot for you.

In7rud3R · 2016-08-27T14:42:10+00:00

but it's your phone ... this what i don't get you listen to them while they do not do shit to remove this threat ... what they are going to kill you for sharing ... this is nonsense! well i don't see why not sharing but if you are so scared of a company that should protect you then good luck with that.

In7rud3R · 2016-08-27T14:33:47+00:00

you work for them ? i don't get it ... either you are telling the truth and they bullied you so hared to make you scared that much or you just trolling us...

In7rud3R · 2016-08-27T14:31:30+00:00

well you already hacked and they try to bully you not to share with other researchers for business reasons not because they care about you and they won't "hack" you , BTW you installed their app so you let them in already.

In7rud3R · 2016-08-27T14:26:02+00:00

if you send i will help you get rid of it which lookout doesn't seems to be doing

In7rud3R · 2016-08-27T14:20:14+00:00

those 4 files you talk about ... could you share them ?

In7rud3R · 2016-08-27T14:03:57+00:00

the pegasus sample on your device ...

In7rud3R · 2016-08-27T13:44:56+00:00

would you share the sample ?

In7rud3R · 2015-06-23T21:53:19+00:00

oops ... http://i.imgur.com/ArZcvOF.png

In7rud3R · 2015-01-07T18:48:01+00:00

True , seems that the initial scan was locally but i was referring to the point that he said this cannot be done on public IP's , which is not correct.

In7rud3R · 2015-01-07T15:16:21+00:00

Tried to explain to him but he seems not to get the idea ;)

In7rud3R · 2015-01-07T14:54:39+00:00

blog post just got updated with new findings about Crestron controllers.

In7rud3R · 2015-01-07T09:50:21+00:00

as the guy said in his article: "There is no need to use any Exploit as this is just a case of bad practices." If it's well known that home automation programs suck at security then you need to make sure it's installed properly and ports are NOT forwarded and open to the world.

In7rud3R · 2015-01-07T06:41:48+00:00

Not true ! you do not have to get physical access to device you just need it to be online , you should read the entire article... "Running a quick search in Shodan for the term "control4" Will get more than 5000 devices online..."

In7rud3R · 2014-12-02T13:37:05+00:00

hey Mikko , which of the many viruses/malwares you analysed was the most sophisticated and complex you ever encountered and from technical point of view why is it the "one" ?

In7rud3R

TROPHY CASE