TSF - Enthusiast
NetFlash: Samsung installs keylogger on its laptops
UPDATE: Samsung has launched an investigation into the matter and is working with Mich Kabay and Mohamed Hassan in the investigation. Samsung engineers are collaborating with the computer security expert, Mohamed Hassan, MSIA, CISSP, CISA, with faculty at the Norwich University Center for Advanced Computing and Digital Forensics, and with the antivirus vendor whose product identified a possible keylogger (or which may have issued a false positive). The company and the University will post news as fast as possible on Network World. A Samsung executive is personally delivering a randomly selected laptop purchased at a retail store to the Norwich scientists. Prof. Kabay praises Samsung for its immediate, positive and collaborative response to this situation.]
A user discovered a keylogger pre-installed on two brand-new Samsung laptops that the company admitted was there to "monitor the performance of the machine and to find out how it is being used."
Mohamed Hassan wrote in Mich Kabay’s Security Strategies newsletter that as soon as he received his Samsung R525 laptop, he ran a full system scan and found a commercial keylogger called StarLogger.
StarLogger claims it records every keystroke made on the computer, even on password-protected boxes, starting up whenever the computer starts up. The software emails results at intervals to a specified email address and will even include screen captures.
Hassan ended up buying a second Samsung laptop, a model R540, and found the same keylogger installed on that one.
"The fact that on both models the same files were found in the same location supported the suspicion that the hardware manufacturer, Samsung, must know about this software on its brand-new laptops," he writes.
Hassan reports that at first Samsung Support personnel denied that they installed the software and directed him to Microsoft, but then eventually admitted that Samsung was responsible.
As Hassan notes, the incident is reminiscent of the Sony BMG rootkit fiasco of 2005. At the time, Sony BMG used a rootkit to monitor computer user behavior and limit how music CDs were used on the computer.
Kabay says that Samsung has not responded to further requests for comment.