Samsung Reportedly Installing Keyloggers On Its Laptops

31 Mar

Samsung has said they are looking into this: “Samsung takes Mr. Hassan’s claims very seriously. After learning of the original post this morning on NetworkWorld.com, we launched an internal investigation into this issue. We will provide further information as soon as it is available.” So far Hassan is the only person to report this, so it could be any number of things, including a false alarm or a bad retailer.

This is… potentially disturbing. Mohamed Hassan recently purchased a brand-new Samsung tech gadgets an R525. As part of his normal setup procedure, he ran a complete scan with security software and found a keylogger installed in the Windows directory. Now, Samsung wouldn’t be the first company to accidentally ship infected computers — Asus had such a disaster back in 2008.

Thinking this might be the case, Hassan removed the keylogger (Star Logger in C:\Windows\SL) and went about his business. But after an issue with the display driver a short time later, he returned the laptop and picked up a higher-end R540. Lo and behold, on running his security scan, Star Logger was found yet again!

This isn’t some system failure logging utility, by the way. It’s a full-blown keylogger that records every key press.

I’ll let Hassan tell the story here:

On March 1, 2011, I called and logged incident 2101163379 with Samsung Support (SS). First, as Sony BMG did six years ago, the SS personnel denied the presence of such software on its laptops. After having been informed of the two models where the software was found and the location, SS changed its story by referring the author to Microsoft since “all Samsung did was to manufacture the hardware.” When told that did not make sense, SS personnel relented and escalated the incident to one of the support supervisors.

The supervisor who spoke with me was not sure how this software ended up in the new laptop thus put me on hold. He confirmed that yes, Samsung did knowingly put this software on the laptop to, as he put it, “monitor the performance of the machine and to find out how it is being used.”

So. After denying the software existed, then saying that they just make the these tech gadgets, they finally acknowledge that yes, Samsung installs malicious software on their own laptops in order to record user behavior.

I don’t think I need to go into the specifics of why this is a shocking breach of trust and presumably illegal as well. We’ll keep an eye out for further developments, but in the meantime, if you have a Samsung laptop, look in C:\Windows for a \SL directory. If you see one, contact Samsung and get mad. This is totally unacceptable and hopefully we’ll get some satisfaction from Samsung on this point soon. I just don’t understand how they could think this was even close to okay, and even after justifying it, how it could possibly escape detection.

Mohamed Hassan and his collaborator Mich Kabay at Network World have contacted Samsung several times for comment, but have received no response so far. I look forward to their answer. Let’s hope it’s all just a big mistake.

 

Source from CrunchGear

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: