Anyone have Samsung computer? Check for keyloggers

24 replies
Found 30th Mar 2011
While setting up a new Samsung R525 laptop in early February 2011, Mohamed Hassan, came across an issue.

He installed licensed commercial security software and then ran a full system scan before installing any other software.

The scan found two instances of a commercial keylogger called StarLogger installed on the brand new laptop. Files associated with the keylogger were found in a c:\windows\SL directory.

It looks like this was installed by Samsung.

Check out the full story here:

networkworld.com/new…e=1

Nasty.

  1. Misc
  2. Samsung
24 Comments

Wow. Absolutely dreadful beahaviour!!!

Banned

"This key logger is completely undetectable" and he found it with "have used the tool that discovered it for six years now"

I wouldn't be surprised if the place he bought the laptop from had installed the key logger prior to sale, that is more likely than Samsung doing it.

Had a little look on my netbook and as yet no sign...

Will do a deep search tomorrow during the day whilst at school...

whatsThePoint

"This key logger is completely undetectable" and he found it with "have … "This key logger is completely undetectable" and he found it with "have used the tool that discovered it for six years now"



exactly how did he discover it then...... 6 years out of date

lucky i dont buy any Samsung products

Edited by: "MR1123" 30th Mar 2011

rwm24

I wouldn't be surprised if the place he bought the laptop from had … I wouldn't be surprised if the place he bought the laptop from had installed the key logger prior to sale, that is more likely than Samsung doing it.



He found it on two samsung laptops and was told by samsung themselves that they put it on...

Apart from that your theory is perfect

anyone see which software he used to detect ?

I'll run recuva on it tomorrow to find the b*****d

i guess he means undetectable in normal use

tomwatts

I'll run recuva on it tomorrow to find the b*****d



lol

rwm24

I wouldn't be surprised if the place he bought the laptop from had … I wouldn't be surprised if the place he bought the laptop from had installed the key logger prior to sale, that is more likely than Samsung doing it.



networkworld.com/new…tml

I imagine it's probably gmer.net/

oldmanhouse

Someone probably bought the laptop, installed the keylogger and returned … Someone probably bought the laptop, installed the keylogger and returned it. If done on a mass scale (if it was a criminal gang, rather than one individual) I suppose it could prove quite profitable. Would never suspect it myself but the first thing I do is install anti-virus so it would have been picked up before I got around to browsing the internet.



samsung admitted they installed it

oldmanhouse

Someone probably bought the laptop, installed the keylogger and returned … Someone probably bought the laptop, installed the keylogger and returned it. If done on a mass scale (if it was a criminal gang, rather than one individual) I suppose it could prove quite profitable. Would never suspect it myself but the first thing I do is install anti-virus so it would have been picked up before I got around to browsing the internet.



In the first part of this two-part report, MSIA 2009 graduate Mohamed … In the first part of this two-part report, MSIA 2009 graduate Mohamed Hassan told of discovering a keylogger on two different models of Samsung portable computers. Today he continues the story. Everything that follows is Mr Hassan's own work with minor edits. * * *On March 1, 2011, I called and logged incident 2101163379 with Samsung Support (SS). First, as Sony BMG did six years ago, the SS personnel denied the presence of such software on its laptops. After having been informed of the two models where the software was found and the location, SS changed its story by referring the author to Microsoft since "all Samsung did was to manufacture the hardware." When told that did not make sense, SS personnel relented and escalated the incident to one of the support supervisors. The supervisor who spoke with me was not sure how this software ended up in the new laptop thus put me on hold. He confirmed that yes, Samsung did knowingly put this software on the laptop to, as he put it, "monitor the performance of the machine and to find out how it is being used." In other words, Samsung wanted to gather usage data without obtaining consent from laptop owners.While in the Sony BMG security incident described in the first article in this pair one had to buy and install the CD on one's computer, Samsung has gone one step further by actually preinstalling the monitoring software on its brand laptops. This is a déjà vu security incident with far reaching potential consequences. In the words of the of former FTC chairman Deborah Platt Majoras, "Installations of secret software that create security risks are intrusive and unlawful." (FTC, 2007). Samsung's conduct may be illegal; even if it is eventually ruled legal by the courts, the issue has legal, ethical, and privacy implications for both the businesses and individuals who may purchase and use Samsung laptops. Samsung could also be liable should the vast amount of information collected through StarLogger fall into the wrong hands. [Mich Kabay adds:]We contacted three public relations officers for Samsung for comment about this issue and gave them a week to send us their comments. No one from the company replied. Good luck, Samsung! We see a class-action lawsuit in your future….


a new Samsung computer laptop



one assumes from the article it's a new retail unit so wouldnt have been touched by anyone other than Samsung
Edited by: "numptyj" 30th Mar 2011

MR1123

samsung admitted they installed it



Whoops, should really read the article first. Hope Samsung get punished for it.

Banned

rwm24

I wouldn't be surprised if the place he bought the laptop from had … I wouldn't be surprised if the place he bought the laptop from had installed the key logger prior to sale, that is more likely than Samsung doing it.



2 different retailers and samsung admitting they did install it isn't enough for you to believe they did?

Original Poster

Update:

More info here, including a "How to detect and remove" (scroll some way down)

nodpi.org/for…tml

You'd have thought Sony's very public and very costly embarrassment, over handing out rootkits on audio CDs would have been enough to put companies, with even a moderate amount of integrity, off pulling this kind of stunt.



Sounds like a load of rubbish, nobody has detected, nobody from samsung has said anything except whispers, they haven't admitted its the author saying a source at Samsung or something else unbelieveable, a source at Sony said PS3's have butter inside is the same sort of thing.

by the sounds of it he's just searched with Spyware Dr and found something and it may not even be a keylogger

This is just someone looking for publicity,

Interesting... Looks like I'll be doing the clean install on my Q330 after all, been putting it off due to laziness.

uuummm
Mohamed Hassan, MSIA, CISSP, CISA

gonna have to change his name to dodge this one i think

Storm in a tea cup.

Here's a proper report on this incident
Post a comment
Avatar
@
    Text
    Top Discussions
    1. HUKD Nintendo Switch owners thread941396
    2. Marmite1823
    3. Krack WiFi vuln1121
    4. UBER can be a waste of money1019

    See more discussions