Is Samsung intentionally shipping laptops with keylogger/spy software?

Filed Under: Data loss, Malware, Privacy

Update: Fortunately the answer appears to be no. (We have published more on this topic here and updated this article). It appears this was all a misunderstanding. Samsung has issued a statement saying the confusion was derived from the installation of the Microsoft Live! application suite. When the Slovakian language is installed it creates a folder called C:\Windows\SL which is the same folder name as is used by the StarLogger application.

Update 2: We have posted more information with what actually happened in a follow up article.

Samsung logoAs Samsung has been experiencing greater global successes in selling their TVs, phones and laptop computers, they may have made a major miscalculation into how far "market research" can go without causing a massive backlash. If this story turns out to be true, they may have crossed the line.

Samsung T10 laptopNetwork World published a story today by Mohamed Hassan explaining how he had purchased a new Samsung laptop recently and discovered that it had a keylogger (StarLogger) pre-installed from the factory. Not only could this software log all of your keystrokes it is also capable of taking screenshots.

Mr. Hassan had other problems with the laptop, so he returned it and upgraded to a higher specification model. Upon receiving the second laptop he noticed that it also had the keylogger installed.

He suspected that perhaps someone in the supply chain had been installing the software rather than Samsung, so he reached out to their tech support department to find out if they knew anything about why this software was on his brand new computer.

Upon reaching technical support at Samsung, the tier one support agents tried to convince Mr. Hassan that the software wasn't there and then changed their story to suggest he ask Microsoft about it.

Eventually they relented and sent him to a supervisor. Quoting from Mr. Hassan's post:

He confirmed that yes, Samsung did knowingly put this software on the laptop to, as he put it, "monitor the performance of the machine and to find out how it is being used."

After the massive uproar that resulted when Sony installed rootkits on peoples computers when they listened to an audio CD, you would hope the world would realize this type of behavior is totally unacceptable.

Mr Hassan says the software was configured to send all of your keystrokes to an email address. He does not mention whether the optional encryption was being used. If you thought having AOL preinstalled was annoying, this takes "trusting" the build of your OS provided by the manufacturer to an extreme.

As a best practice it is always a good idea to run the least amount of software on your computer as possible. This reduces the attack surface and number of exposed bugs that attackers can use to harm your PC. This is just another reason it is a good idea to do a clean OS installation on your computers with trusted media provided by the OS manufacturer.

For more advice on avoiding the malware mess download our paper "Top 5 Threat Protection Best Practices".

Update: Cnet.com is reporting that they looked at a Samsung series 9 and did not find the keylogging software. This could indicate it is only being installed on one series (R), or in fact Samsung is not behind its installation.

, , ,

You might like

4 Responses to Is Samsung intentionally shipping laptops with keylogger/spy software?

  1. Peggy · 1305 days ago

    Or it could indicate that CNET was paid off by Samsung...

    • Iggy · 1305 days ago

      Oh Peggy.......you cynic you. That would never happen. Next thing you'll say that a publisher like Cnet is 'sensitive' to the needs of a regular advertiser. And we all know that never happens in business *wink*

  2. chris · 1305 days ago

    This whole story is a hoax and at best, an honest mistake on behalf of the complainant or at worst a serious attempt to get his 15 minutes of fame.

    I'm all for it being fully investigated, but Samsung is not shipping keyloggers, the file is a legitimate .mui file /folder created when installing Windows Live.

    Do your research! It is not a keylogger!

    Think about it...if you were a network security consultant breaking this story, don't you think you would put a little more proof on the table?

    Geez, don't hire this guy...he'll have you deleting your Outlook program because it records what you type and emails it to someone!

  3. there's a million ways u can do things-heck they can go to your ISP and claim terrorism/national security-if that doesn't work they can plant porn or music on it..BOOO! Be very afraid

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.