Samsung Accused Of Installing Secret Keyloggers On New Laptops 'To Monitor Performance' [Updated]

from the that's-not-going-to-go-over-well dept

See update at the bottom

According to a report by Mohamed Hassan at Network World, Samsung has been installing secret keyloggers on laptops. After setting up a new laptop, he ran a scan and found an installation of StarLogger, a commercial keylogger program. It's a rather nefarious piece of software:
This key logger is completely undetectable and starts up whenever your computer starts up. See everything being typed: emails, messages, documents, web pages, usernames, passwords, and more. StarLogger can email its results at specified intervals to any email address undetected so you don't even have to be at the computer your[sic] are monitoring to get the information. The screen capture images can also be attached automatically to the emails as well as automatically deleted.
Hassan claims to have found the same keylogger on two separate laptops from Samsung, and after calling the company, finally had a supervisor claim that the company did it to monitor usage:
On March 1, 2011, I called and logged incident 2101163379 with Samsung Support (SS). First, as Sony BMG did six years ago, the SS personnel denied the presence of such software on its laptops. After having been informed of the two models where the software was found and the location, SS changed its story by referring the author to Microsoft since "all Samsung did was to manufacture the hardware." When told that did not make sense, SS personnel relented and escalated the incident to one of the support supervisors.

The supervisor who spoke with me was not sure how this software ended up in the new laptop thus put me on hold. He confirmed that yes, Samsung did knowingly put this software on the laptop to, as he put it, "monitor the performance of the machine and to find out how it is being used."
Of course, it's entirely possible that the supervisor was confused as well. Frankly, like some others, I find it hard to believe that Samsung corporate policy could be so clueless as to install secret keyloggers on all laptops. If it is true, however, I imagine the company will be facing one hell of a lawsuit in the very near future.

Update: It looks like my skepticism on this story may have been justified. Samsung is claiming that the researcher got a false positive, and confused a language folder for a keylogger:
"Our findings indicate that the person mentioned in the article used a security program called VIPRE that mistook a folder created by Microsoft’s Live Application for a key logging software, during a virus scan.

"The confusion arose because VIPRE mistook Microsoft's Live Application multi-language support folder, labelled 'SL,' as StarLogger. Depending on the language, under C:\Windows folders are created labelled 'SL' for Slovene, 'KO' for Korean, 'EN' for English."
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: keylogger, monitoring, rootkit
Companies: samsung


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 30 Mar 2011 @ 2:14pm

    I don't think that phrase means what the developer thinks it means

    This key logger is completely undetectable


    Whoops.

    link to this | view in thread ]

  2. icon
    Miff (profile), 30 Mar 2011 @ 2:22pm

    Yet another reason for using white box computers instead of OEMs.

    And yet another reason why we need a universal standard for laptop hardware. :x

    link to this | view in thread ]

  3. icon
    Spaceboy (profile), 30 Mar 2011 @ 2:26pm

    Does the US government or military rely on Samsung laptops?

    link to this | view in thread ]

  4. icon
    Chuck Norris' Enemy (deceased) (profile), 30 Mar 2011 @ 2:34pm

    Spy on me!

    It will be interesting to see how Samsung responds to this. I don't know if the SS really knows they pre-installed the keylogger. Samsung PR hasn't replied to inquiries, so ratcheting up the pressure from consumer and privacy advocate groups will be a must. I have read one of the fears of getting all our electronics from China is that this leaves the ability of the Chinese government to install such spying software/malware. If Samsung really knew about this then it is sad since I generally like their products and they have really good customer support in the few times I had to deal with them.

    link to this | view in thread ]

  5. icon
    Markus Hopkins (profile), 30 Mar 2011 @ 2:42pm

    Remember Kids...

    Practice safe computing. Always put on a fresh operating system before using a new computer, because you never know where it's been.

    link to this | view in thread ]

  6. icon
    Matthew (profile), 30 Mar 2011 @ 2:48pm

    This story may be premature.

    After reading the original piece, i'm not convinced that Samsung is to blame, despite their apparent confession. The confession came from a mid-level tech support manager. I don't know about you, but i wouldn't trust one of those guys to find his own ass with a map and a gps, so it's plausible that he incorrectly confessed, confusing the keylogger with some legitimate performance monitoring tool.
    Hassan bought the two computers from the same store. It's much more likely that someone there is behind it.

    I'm not saying Samsung didn't do it, just that it might not be as open-and-shut as it appears at first glance.

    link to this | view in thread ]

  7. identicon
    MrWilson, 30 Mar 2011 @ 2:51pm

    Re: Remember Kids...

    Or rather, you do know where it's been and that's why you should be concerned.

    link to this | view in thread ]

  8. identicon
    HothMonster, 30 Mar 2011 @ 2:52pm

    "SS personnel denied the presence of such software on its laptops. After having been informed of the two models where the software was found and the location, SS changed its story by referring the author to Microsoft since "all Samsung did was to manufacture the hardware." When told that did not make sense, SS personnel relented and escalated the incident to one of the support supervisors. "

    Samsung Support might want to consider changing their name to Samsung customer support, or tech support or whatever.

    Although in light of moves like this SS may be an appropriate acronym

    link to this | view in thread ]

  9. icon
    pixelpusher220 (profile), 30 Mar 2011 @ 2:52pm

    Re: This story may be premature.

    From here http://www.networkworld.com/newsletters/sec/2011/032811sec2.html?page=2

    "I returned that laptop to the store where I bought it and bought a higher Samsung model (R540) from another store. "

    I agree its not yet open and shut, but different stores make it harder for one rogue person.

    link to this | view in thread ]

  10. identicon
    HM, 30 Mar 2011 @ 2:53pm

    Re:

    I dont see what universal hardware would do to prevent the manufacturer from putting software on the machine

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 30 Mar 2011 @ 2:54pm

    Re: Spy on me!

    I have a 40 in Samsung TV....do you think its watching me?

    link to this | view in thread ]

  12. icon
    Matthew (profile), 30 Mar 2011 @ 2:54pm

    Re: Re: This story may be premature.

    Oops - missed the "another store" part. That does look worse.

    link to this | view in thread ]

  13. icon
    Markus Hopkins (profile), 30 Mar 2011 @ 2:56pm

    Re: Re: Remember Kids...

    Yes and no. You know the manufacturer its from, but as we've seen from the pics of the iPhone factory workers, that really doesn't mean much. On top of that, anything can happen at the retail level. And finally, on top of all of that, you have no idea what "partnerships" have been made with OEMs for preinstalled bloatware. So most joking aside, you really have no idea what's going on in there, and a clean install is the best - and only reliably safe - solution.

    link to this | view in thread ]

  14. icon
    Markus Hopkins (profile), 30 Mar 2011 @ 2:59pm

    Re:

    I completely missed that, thank you. I think I've played to much Civ, where SS stands for Space Ship....

    link to this | view in thread ]

  15. identicon
    TheStupidOne, 30 Mar 2011 @ 3:12pm

    Re:

    I'd hope that the gov't and military use only internally built images and standard hardware as well as not let anybody outside of IT have admin right to their computers

    link to this | view in thread ]

  16. icon
    wnyght (profile), 30 Mar 2011 @ 3:32pm

    Re: Re:

    the next time you need a new desk top, build it yourself, and then see who installs what software on it.

    link to this | view in thread ]

  17. identicon
    Anonymous Coward, 30 Mar 2011 @ 3:34pm

    Re: Re: Spy on me!

    You may want to put the TV outside when you are playing with the wife.

    link to this | view in thread ]

  18. identicon
    Chris Brand, 30 Mar 2011 @ 3:42pm

    Performance of what ?

    Could be a very good test of the performance of the class action lawsuit process, I'd think...

    link to this | view in thread ]

  19. identicon
    Anonymous Coward, 30 Mar 2011 @ 3:48pm

    Re: Performance of what ?

    All a class action suit ever does is enrich the lawyers. It provides no meaningful penalty (other than a slight monetary loss which can be written off as an operating expense) to those sued, and no meaningful award to those suing.

    link to this | view in thread ]

  20. identicon
    Samsung Support, 30 Mar 2011 @ 4:04pm

    Re: Re: Re: Spy on me!

    But then we won't be able to watch

    link to this | view in thread ]

  21. identicon
    Anonymous Coward, 30 Mar 2011 @ 4:29pm

    Thus neatly demonstrating that...

    ...they learned nothing from the Sony debacle.

    They're going to be crucified for this, and they should be.

    link to this | view in thread ]

  22. identicon
    Infowars, 30 Mar 2011 @ 4:43pm

    I have an answer....

    Buy a Mac.. (so you get some real monitoring tools built into the system to check for crap like this)

    link to this | view in thread ]

  23. icon
    Jojoyojimbi (profile), 30 Mar 2011 @ 5:13pm

    Join the list now Samsung

    I've been boycotting Sony products since their rootkit debacle of yesteryear... looks like it's time for Samsung to join the list.

    I just wish the ignorant masses cared enough about their privacy and rights to pay attention to what's going on around them and help me vote with my wallet. Instead they probably own three playstations and four samsung tvs

    link to this | view in thread ]

  24. icon
    Capitalist Lion Tamer (profile), 30 Mar 2011 @ 5:33pm

    Booting up my new Samsung...

    Language to install: Fuck you.
    Time and Currency format: Fuck you.
    Keyboard or input method: One finger.

    Do you accept the license terms?: [Y]es [N]o [F]uck you.

    Type a user name (for example, John or Traceme):
    Fuck You

    Type a computer name:
    SRSLY Fuck You

    Type a password (recommended):
    Make Me

    No, seriously, type a password (completely safe!):
    *******

    Password rejected. Please use characters other than "asterisk":
    fUckY0uFuCkyOUfuKKyouOKdogFuCKer

    link to this | view in thread ]

  25. identicon
    Anonymous Coward, 30 Mar 2011 @ 6:26pm

    Re: Re: Re: Re: Spy on me!

    You have a camera on a tripod pointing to the couch where you are playing with your wife that is connected to your Samsung TV?

    Holly cow!

    link to this | view in thread ]

  26. icon
    Thomas (profile), 30 Mar 2011 @ 6:27pm

    You would think.

    they would have learned something from the Sony rootkit fiasco. I'm sure the feds will love to find out that Samsung is installing keyloggers. Just imagine if the feds find some computers in DOJ are from Samsung and have been feeding info to Samsung about what the government is doing.

    link to this | view in thread ]

  27. identicon
    Pixelation, 30 Mar 2011 @ 7:47pm

    Re: Re: Re: Spy on me!

    "You may want to put the TV outside when you are playing with the wife."

    Why? a few seconds of your hairy ass and the TV will shut itself off. Problem solved.

    link to this | view in thread ]

  28. identicon
    Pete Austin, MarketingXD, 31 Mar 2011 @ 12:14am

    Checked my Samsung: *NOT INFECTED*

    Just checked my Samsung laptop, bought from Amazon UK about 6 weeks ago, running 64 bit Windows. NOT INFECTED.

    Has anyone independently confirmed the original blogger?

    link to this | view in thread ]

  29. identicon
    ender, 31 Mar 2011 @ 1:31am

    At least it's only a software keylogger

    This guy apparently found a hardware keylogger in his Dell laptop: http://virus.org.ua/unix/keylog/klog.htm

    link to this | view in thread ]

  30. identicon
    Anunimus Kowerd, 31 Mar 2011 @ 1:51am

    This is going to hurt.

    The repercussions are going to be big with this one. I was getting close to pulling the trigger on a new 52" HDTV and bluray player for upstairs, but have decided not to after reading this horrific news. Thankfully the printer I helped my parents pick out last week is still within the time constraint for getting a full refund as well. Hopefully Samsung isn't behind this and its just a stupid punk somewhere in the supply chain taking advantage of an opportunity. Until I know for sure, I can't in good conscious continue to support them in ANY fashion. If they are guilty of doing this, then I pray that, in addition to widespread boycotting, they are procsecuted to the fullest extent of the law. Keylogging spyware? That is about as big and bad of a no no as you can get these days.

    link to this | view in thread ]

  31. icon
    Jan Bilek (profile), 31 Mar 2011 @ 2:18am

    Samsung claims that there was no spyware and it was just false positive: http://www.thinq.co.uk/2011/3/31/samsung-denies-installing-keyloggers-laptops/

    link to this | view in thread ]

  32. identicon
    abc gum, 31 Mar 2011 @ 4:53am

    Guys! ... this was a simple mistake.
    Obviously, these people were sold laptops intended for jr & sr high school students.
    /s

    link to this | view in thread ]

  33. identicon
    Roger H, 31 Mar 2011 @ 6:21am

    I have a new samsung R710

    After reading the post by Mohammed (forwarded through a LinkedIn Group), I found the SL folder, and did some digging.

    The folder contains a .mui file (language/localization file) for the photo screensaver.

    Pretty innocuous, and unfortunately named the same as a known keylogger.

    link to this | view in thread ]

  34. icon
    Brian Schroth (profile), 31 Mar 2011 @ 6:29am

    Hmmmm...

    "he ran a scan and [b]found an installation[/b] of StarLogger, a commercial keylogger program. It's a rather nefarious piece of software:

    This key logger is [b]completely undetectable[/b]..."

    DOES NOT COMPUTE

    link to this | view in thread ]

  35. icon
    Killer_Tofu (profile), 31 Mar 2011 @ 6:56am

    Yay Italics

    Something about the ending of the article with italics seems to have every comment in this thread in italics, as well as every post on the home page beneath it in italics. Interesting. =)

    link to this | view in thread ]

  36. icon
    Killer_Tofu (profile), 31 Mar 2011 @ 10:31am

    Re: Yay Italics

    Ok. Either it was fixed, or my browser isn't doing its glitch this time. One or the other. Probably just a glitch in my browser before eh?

    link to this | view in thread ]

  37. icon
    Miff (profile), 31 Mar 2011 @ 11:57pm

    Re: Re:

    I don't see how being the manufacturer yourself forces you to put software you don't want on the machine.

    Is this some new area of IP law? ;)

    link to this | view in thread ]

  38. identicon
    Jose_X, 3 Apr 2011 @ 1:37pm

    Biggest keylogger

    I don't use Microsoft operating systems, but have people read their EULAs. They naturally have the easiest path to tracking users (it's their OS), and their EULAs (if what I read is faithful) give them legal cover.

    Microsoft also has many partners who pay for special information. ... People waste time with Samsung this or that. Do like Russia, Google, and numerous others have done by avoiding Windows altogether.

    [Low cost without worry about costly legal action is another good reason to use Linux: http://jeffhoogland.blogspot.com/2011/03/dialog-with-girlfriend.html]

    link to this | view in thread ]

  39. icon
    tellmewhy121 (profile), 8 Apr 2011 @ 1:45am

    stealth keylogger

    It is said there is No keylogger software in samsung laotops, just a bad scare.

    link to this | view in thread ]

  40. identicon
    Laney Smith, 14 Jun 2011 @ 1:12am

    Yeah, while coming into keylogger, i want to talk sth. about [url=http://www.amackeylogger.com]kelogger for mac[/url]. Though it is my first time using it, it really leaves me a good impression.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.