On Wednesday, March 30, 2011, a story broke on Network World which has quickly gained traction. Mohamed Hassan, an IT Consultant based out of Toronto, believes he has discovered the presence of keylogging software on two separate models of R series laptops made by Samsung Electronics, and he believes they were placed there intentionally by the manufacturer. Read his account of the discovery below.

The Detection

While setting up a new Samsung computer laptop with model number R525 in early February 2011…I installed licensed commercial security software and then ran a full system scan before installing any other software. The scan found two instances of a commercial keylogger called StarLogger installed on the brand new laptop. Files associated with the keylogger were found in a c:\windows\SL directory.

According to a StarLogger description, StarLogger records every keystroke made on your computer on every window, even on password protected boxes. This key logger is completely undetectable and starts up whenever your computer starts up. See everything being typed: emails, messages, documents, web pages, usernames, passwords, and more. StarLogger can email its results at specified intervals to any email address undetected so you don’t even have to be at the computer you are monitoring to get the information. The screen capture images can also be attached automatically to the emails as well as automatically deleted.

After an in-depth analysis of the laptop, my conclusion was that this software was installed by the manufacturer, Samsung. I removed the keylogger software, cleaned up the laptop, and continued using the computer. However, after experiencing problems with the video display driver, I returned that laptop to the store where I bought it and bought a higher Samsung model (R540) from another store.

Again, after the initial set up of the laptop, I found the same StarLogger software in the c:\windows\SL folder of the new laptop. The findings are false-positive proof since I have used the tool that discovered it for six years now and I am yet to see it misidentify an item throughout the years. The fact that on both models the same files were found in the same location supported the suspicion that the hardware manufacturer, Samsung, must know about this software on its brand-new laptops. [Via]

Key things to note from the above account: First, StarLogger records EVERYTHING being typed, even protected passwords. Second, the same keylogger was found on two separate, brand new models of Samsung computer. These were not refurbished systems. Third, ZERO notice was given to the end-user that this software was installed…not before purchase and not after boot or in any documentation.

Hassan contacted Samsung Support on March 1, 2011 for more information on this matter. Here is his account of that exchange:

Samsung Support Response

On March 1, 2011, I called and logged incident 2101163379 with Samsung Support (SS). First, as Sony BMG did six years ago, the SS personnel denied the presence of such software on its laptops. After having been informed of the two models where the software was found and the location, SS changed its story by referring the author to Microsoft since “all Samsung did was to manufacture the hardware.” When told that did not make sense, SS personnel relented and escalated the incident to one of the support supervisors.

The supervisor who spoke with me was not sure how this software ended up in the new laptop thus put me on hold. He confirmed that yes, Samsung did knowingly put this software on the laptop to, as he put it, “monitor the performance of the machine and to find out how it is being used.” In other words, Samsung wanted to gather usage data without obtaining consent from laptop owners. [Via]

Samsung has not yet officially responded, but if these allegations are true there could be far-reaching ramifications for the corporation, in terms of both finance and reputation. In the meantime, if you own one of these laptops, you may want to suspend typing any sensitive information on these systems until the issue is sorted out.

UPDATE 3/30: Samsung Official Response
Samsung spokesman Jason Redmond said that Samsung Electronics is looking into Hassan’s allegations. “We take these claims very, very seriously,” he said. He had not previously heard of the problem, or heard of de Willebois Consulting, maker of StarLogger. “We have no understanding of a relationship with this company and we have no prior knowledge of this software being on our laptops,” he said.

UPDATE 3/31: Samsung has issued a statement saying that the finding is false. The statement says the software used to detect the keylogger, VIPRE, can be fooled by Microsoft’s Live Application multi-language support folder. This has been confirmed at F-Secure and two other publications, here and here. Still no explanation for why Samsung originally confirmed the keylogger’s existence to Hassan, as seen below.

UPDATE 3/31: GFI Labs, the maker of VIPRE, has issued an explanation and apology for generating the false positives that led to these articles: “We apologize to the author Mohamed Hassan, to Samsung, as well as any users who may have been affected by this false positive.”
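
The false positive described in the 3/31 updates comes down to treating a folder's location as proof of what is inside it. The following sketch is an added example, not VIPRE's or GFI's code: it contrasts a path-only rule with one that treats the path as a lead and requires a content-hash match. It assumes the detection keyed on the `c:\windows\SL` path, as Samsung's statement implies; the file names, file contents and hash set are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

# Relative form of the c:\windows\SL directory named in the account.
SUSPECT_DIR = Path("Windows") / "SL"

def path_only_verdict(root):
    """Weak rule: flag the machine if the suspect directory merely exists."""
    return (root / SUSPECT_DIR).is_dir()

def corroborated_verdict(root, known_bad_sha256):
    """Stronger rule: the directory is only a lead; return the files inside it
    whose SHA-256 matches a known-bad set, or an empty list if none do."""
    target = root / SUSPECT_DIR
    if not target.is_dir():
        return []
    hits = []
    for f in sorted(target.rglob("*")):
        if f.is_file() and hashlib.sha256(f.read_bytes()).hexdigest() in known_bad_sha256:
            hits.append(f)
    return hits

def build_fixture(root, files):
    """Create root/Windows/SL and populate it with the given name -> bytes map."""
    d = root / SUSPECT_DIR
    d.mkdir(parents=True)
    for name, data in files.items():
        (d / name).write_bytes(data)
    return root

def demo():
    # Constructed sample: these bytes stand in for a monitoring binary.
    bad_payload = b"CONSTRUCTED-SAMPLE: stands in for a monitoring binary"
    known_bad = {hashlib.sha256(bad_payload).hexdigest()}  # hypothetical signature set
    with tempfile.TemporaryDirectory() as t:
        # Constructed stand-in for a language-support folder at the same path.
        benign = build_fixture(Path(t) / "benign",
                               {"resources.dll.mui": b"CONSTRUCTED-SAMPLE: localized strings"})
        infected = build_fixture(Path(t) / "infected", {"sample.exe": bad_payload})
        return {
            "benign": (path_only_verdict(benign),
                       len(corroborated_verdict(benign, known_bad))),
            "infected": (path_only_verdict(infected),
                         len(corroborated_verdict(infected, known_bad))),
        }

if __name__ == "__main__":
    print(demo())
```

The path-only rule flags both machines, while the corroborated rule reports a hit only where a file's content matches.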

One Response to “Is Samsung Recording Your Every Keystroke on New Laptops? [UPDATED]”

  1. consernerd nerd says:

    Maybe Samsung is going to go into the porn biz and wanted to see what was most popular?
