Warning: Declaration of Jetpack_IXR_Client::query() should be compatible with IXR_Client::query(...$args) in /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-content/plugins/jetpack/class.jetpack-ixr-client.php on line 30 Warning: Cannot modify header information - headers already sent by (output started at /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-content/plugins/jetpack/class.jetpack-ixr-client.php:91) in /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-includes/rest-api/class-wp-rest-server.php on line 1794 Warning: Cannot modify header information - headers already sent by (output started at /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-content/plugins/jetpack/class.jetpack-ixr-client.php:91) in /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-includes/rest-api/class-wp-rest-server.php on line 1794 Warning: Cannot modify header information - headers already sent by (output started at /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-content/plugins/jetpack/class.jetpack-ixr-client.php:91) in /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-includes/rest-api/class-wp-rest-server.php on line 1794 Warning: Cannot modify header information - headers already sent by (output started at /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-content/plugins/jetpack/class.jetpack-ixr-client.php:91) in /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-includes/rest-api/class-wp-rest-server.php on line 1794 Warning: Cannot modify header information - headers already sent by (output started at /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-content/plugins/jetpack/class.jetpack-ixr-client.php:91) in /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-includes/rest-api/class-wp-rest-server.php on line 1794 Warning: Cannot modify header information - headers already sent by (output started at /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-content/plugins/jetpack/class.jetpack-ixr-client.php:91) in /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-includes/rest-api/class-wp-rest-server.php on line 1794 Warning: Cannot modify header information - headers already sent by (output started at /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-content/plugins/jetpack/class.jetpack-ixr-client.php:91) in /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-includes/rest-api/class-wp-rest-server.php on line 1794 Warning: Cannot modify header information - headers already sent by (output started at /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-content/plugins/jetpack/class.jetpack-ixr-client.php:91) in /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-includes/rest-api/class-wp-rest-server.php on line 1794 {"id":336,"date":"2017-05-12T13:22:42","date_gmt":"2017-05-12T11:22:42","guid":{"rendered":"http:\/\/it-sicherheit.li\/?p=336"},"modified":"2017-05-12T10:25:56","modified_gmt":"2017-05-12T08:25:56","slug":"keylogger-lauscht-mit","status":"publish","type":"post","link":"https:\/\/it-sicherheit.li\/keylogger-lauscht-mit\/","title":{"rendered":"Keylogger lauscht mit"},"content":{"rendered":"

$\"\"$ <\/p>\n

Thorsten Schr\u00f6der von der Firma Modzero<\/a> hat, bei Sicherheitsanalyse<\/a> eine gravierende Sicherheitsl\u00fccke in HP Laptops entdeckt.<\/p>\n

Der eingesetzte Audio-Treiber schneidet Tastatureingaben mit. Dies vermutlich um die Tasten „lauter und leiser“ oder auch Mikrofon an oder aus zu erkennen. Das gef\u00e4hrliche ist jedoch das alle Eingaben in ein .log File geschrieben werden welches unter\u00a0C:\\Users\\Public\\MicTray.log ersichtlich ist.<\/p>\n

Die Audiokomponenten werden vom Hersteller Conexant geliefert, auch der besagte Treiber wird von dieser Firma bereitgestellt.<\/p>\n

Thorsten Schr\u00f6der hat herausgefunden dass dieser Treiber seit mindestens Weihnachten 2015 besteht und auf HP-Rechnern zum Einsatz kommt.<\/p>\n

Die Log Datei wird zwar nach jedem Neustart \u00fcberschrieben, problematisch wird dies jedoch bei Personen die Ihren Laptop oder PC selten ausschalten und lieber den Energiesparmodus verwenden. \u00a0In diesem Fall wird die Log Datei immer weiter wachsen und alle Eingaben und Kennw\u00f6rter enthalten.<\/p>\n

Um herauszufinden ob der lauschende Audiotreiber installiert ist kann nach folgendem Programm gesucht werden:<\/p>\n

C:\\Windows\\System32\\MicTray64.exe<\/p>\n

oder<\/p>\n

C:\\Windows\\System32\\MicTray.exe<\/p>\n

Empfohlen wird diese Programme zu entfernen oder umzubenennen.<\/p>\n

Der Nachteil ist dass, sobald diese Programme deaktiviert sind, die Sondertasten f\u00fcr Audioeinstellungen nicht mehr funktionieren werden.<\/p>\n

<\/p>\n

Folgende Ger\u00e4te sind, nach Aussagen von Modzero betroffen:<\/p>\n

HP EliteBook 820 G3 Notebook PC\r\nHP EliteBook 828 G3 Notebook PC\r\nHP EliteBook 840 G3 Notebook PC\r\nHP EliteBook 848 G3 Notebook PC\r\nHP EliteBook 850 G3 Notebook PC\r\nHP ProBook 640 G2 Notebook PC\r\nHP ProBook 650 G2 Notebook PC\r\nHP ProBook 645 G2 Notebook PC\r\nHP ProBook 655 G2 Notebook PC\r\nHP ProBook 450 G3 Notebook PC\r\nHP ProBook 430 G3 Notebook PC\r\nHP ProBook 440 G3 Notebook PC\r\nHP ProBook 446 G3 Notebook PC\r\nHP ProBook 470 G3 Notebook PC\r\nHP ProBook 455 G3 Notebook PC\r\nHP EliteBook 725 G3 Notebook PC\r\nHP EliteBook 745 G3 Notebook PC\r\nHP EliteBook 755 G3 Notebook PC\r\nHP EliteBook 1030 G1 Notebook PC\r\nHP ZBook 15u G3 Mobile Workstation\r\nHP Elite x2 1012 G1 Tablet\r\nHP Elite x2 1012 G1 with Travel Keyboard\r\nHP Elite x2 1012 G1 Advanced Keyboard\r\nHP EliteBook Folio 1040 G3 Notebook PC\r\nHP ZBook 17 G3 Mobile Workstation\r\nHP ZBook 15 G3 Mobile Workstation\r\nHP ZBook Studio G3 Mobile Workstation\r\nHP EliteBook Folio G1 Notebook PC<\/pre>\n<\/a><\/a><\/a><\/a><\/a><\/a><\/a>","protected":false},"excerpt":{"rendered":"Thorsten Schr\u00f6der von der Firma Modzero hat, bei Sicherheitsanalyse eine gravierende Sicherheitsl\u00fccke in HP Laptops entdeckt. Der eingesetzte Audio-Treiber schneidet Tastatureingaben mit. Dies vermutlich um die Tasten „lauter und leiser“ oder auch Mikrofon an oder aus zu erkennen. Das gef\u00e4hrliche ist jedoch das alle Eingaben in ein .log File geschrieben werden welches unter\u00a0C:\\Users\\Public\\MicTray.log ersichtlich ist. […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[43,35],"tags":[109,110,107,108],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/it-sicherheit.li\/wp-json\/wp\/v2\/posts\/336"}],"collection":[{"href":"https:\/\/it-sicherheit.li\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/it-sicherheit.li\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/it-sicherheit.li\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/it-sicherheit.li\/wp-json\/wp\/v2\/comments?post=336"}],"version-history":[{"count":1,"href":"https:\/\/it-sicherheit.li\/wp-json\/wp\/v2\/posts\/336\/revisions"}],"predecessor-version":[{"id":338,"href":"https:\/\/it-sicherheit.li\/wp-json\/wp\/v2\/posts\/336\/revisions\/338"}],"wp:attachment":[{"href":"https:\/\/it-sicherheit.li\/wp-json\/wp\/v2\/media?parent=336"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/it-sicherheit.li\/wp-json\/wp\/v2\/categories?post=336"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/it-sicherheit.li\/wp-json\/wp\/v2\/tags?post=336"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}