Samsung PrivacyOn Wednesday, March 30, 2011, a story broke on Network World which has quickly gained traction. Mohamed Hassan, an IT Consultant based out of Toronto, believes he has discovered the presence of keylogging software on two separate model of R series laptops made by Samsung Electronics, and he believes they were placed there intentionally by the manufacturer. Read his account of the discovery below.

The Detection

While setting up a new Samsung computer laptop with model number R525 in early February 2011…I installed licensed commercial security software and then ran a full system scan before installing any other software. The scan found two instances of a commercial keylogger called StarLogger installed on the brand new laptop. Files associated with the keylogger were found in a c:\windows\SL directory.

According to a StarLogger description, StarLogger records every keystroke made on your computer on every window, even on password protected boxes. This key logger is completely undetectable and starts up whenever your computer starts up. See everything being typed: emails, messages, documents, web pages, usernames, passwords, and more. StarLogger can email its results at specified intervals to any email address undetected so you don’t even have to be at the computer you are monitoring to get the information. The screen capture images can also be attached automatically to the emails as well as automatically deleted.

After an in-depth analysis of the laptop, my conclusion was that this software was installed by the manufacturer, Samsung. I removed the keylogger software, cleaned up the laptop, and continued using the computer. However, after experiencing problems with the video display driver, I returned that laptop to the store where I bought it and bought a higher Samsung model (R540) from another store.

Again, after the initial set up of the laptop, I found the same StarLogger software in the c:\windows\SL folder of the new laptop. The findings are false-positive proof since I have used the tool that discovered it for six years now and I am yet to see it misidentify an item throughout the years. The fact that on both models the same files were found in the same location supported the suspicion that the hardware manufacturer, Samsung, must know about this software on its brand-new laptops. [Via]

Key things to note from the above account: First, StarLogger records EVERYTHING being typed, even protected passwords. Second, the same keylogger was found on two separate, brand new models of Samsung computer. These were not refurbished systems. Third, ZERO notice was given to the end-user that this software was installed…not before purchase and not after boot or in any documentation.

Hassan contacted Samsung Support on March 1, 2011 for more information on this matter. Here is his account of that exchange:

Samsung Support Response

On March 1, 2011, I called and logged incident 2101163379 with Samsung Support (SS). First, as Sony BMG did six years ago, the SS personnel denied the presence of such software on its laptops. After having been informed of the two models where the software was found and the location, SS changed its story by referring the author to Microsoft since “all Samsung did was to manufacture the hardware.” When told that did not make sense, SS personnel relented and escalated the incident to one of the support supervisors.

The supervisor who spoke with me was not sure how this software ended up in the new laptop thus put me on hold. He confirmed that yes, Samsung did knowingly put this software on the laptop to, as he put it, “monitor the performance of the machine and to find out how it is being used.” In other words, Samsung wanted to gather usage data without obtaining consent from laptop owners. [Via]

Samsung has not yet officially responded, but if these allegations are true there could be far-reaching ramifications for the corporation, in terms of both finance and reputation. In the meantime, if you own ones of these laptops, you may want to suspend typing any sensitive information on these systems until the issue is sorted out.

UPDATE 3/30: Samsung Official Response
Samsung spokesman Jason Redmond said that Samsung Electronics is looking into Hassan’s allegations. “We take these claims very, very seriously,” he said. He had not previously heard of the problem, or heard of de Willebois Consulting, maker of StarLogger. “We have no understanding of a relationship with this company and we have no prior knowledge of this software being on our laptops,” he said.

UPDATE 3/31: Samsung has issued a statement saying that the finding is false. The statement says the software used to detect the keylogger, VIPRE, can be fooled by Microsoft’s Live Application multi-language support folder. This has been confirmed at F-Secure and two other publications, here and here. Still no explanation for why Samsung originally confirmed the keylogger’s existence to Hassan, as seen below.

UPDATE 3/31: GFI Labs, the maker of VIPRE, has issued an explanation and apology for generating the false positives that led to these articles: “We apologize to the author Mohamed Hassan, to Samsung, as well as any users who may have been affected by this false positive.”

The United States Government has voiced support for legislation intended to establish a privacy “Bill of Rights” to protect a basic level of privacy online.

The Barracuda Labs year-end security report for 2010 was recently published. This annual report looks at various threats around the web involving malware, search engine security, and cyber crimes on networks such as Twitter.

We all know that the delineation between public and private was eroded by Facebook a long time ago. Over. Done. But now Facebook’s sheer scale is pushing it in a new direction, one that encroaches on your authenticity.

On Friday, February 11, 2011, the United States government made another huge domain seizure. The Cyber Crime Centers of ICE seized a slew of domains acting on behalf of “Operation Save Our Children,” an anti-child pornography initiative. As has become all too common with these types of seizures however, a mistake was made and innocent sites were targeted.

Everyone on the web knows about Google –the search engine giant is so ubiquitous that “googling” has become a part of our standard dialogue. And, thanks to Microsoft’s advertising budget, many consumers are now seeking out Bing as a search alternative. But what about smaller and quirkier? Have you heard of DuckDuckGo for example?


/*Ed Gluzman already posted an article discussing Google’s confirmation of collecting data from Wi-Fi networks, but I wanted to wait a few days and see how the general feeling about the issue evolved.
I have to say that I am dismayed at the lack of concern over it.  The reaction was comparatively [...]


/*Google has confirmed today in their official blog post, that they have been collecting data from Wi-Fi networks with their Google Maps Street View Cars as they have driven around. The issue was brought up several weeks ago by the data protection authority (DPA) in Hamburg, Germany.  Google has denied that it collected personally identifiable [...]


/*Google recently released their latest attempt at capturing the social media market in a service called Google Buzz.  But, the backlash of privacy concerns that often seem to nip at Google’s heels erupted at a level unseen before.
Let’s not forget that when Google CEO Eric Schmidt was asked about the growing concerns in the public [...]

© 2011