Is Samsung intentionally shipping laptops with keylogger/spy software?


Update: Fortunately the answer appears to be no. (We have published more on this topic here and updated this article). It appears this was all a misunderstanding. Samsung has issued a statement saying the confusion was derived from the installation of the Microsoft Live! application suite. When the Slovakian language is installed it creates a folder called C:\Windows\SL which is the same folder name as is used by the StarLogger application.

Update 2: We have posted more information with what actually happened in a follow up article.

Samsung logoAs Samsung has been experiencing greater global successes in selling their TVs, phones and laptop computers, they may have made a major miscalculation into how far “market research” can go without causing a massive backlash. If this story turns out to be true, they may have crossed the line.

Samsung T10 laptopNetwork World published a story today by Mohamed Hassan explaining how he had purchased a new Samsung laptop recently and discovered that it had a keylogger (StarLogger) pre-installed from the factory. Not only could this software log all of your keystrokes it is also capable of taking screenshots.

Mr. Hassan had other problems with the laptop, so he returned it and upgraded to a higher specification model. Upon receiving the second laptop he noticed that it also had the keylogger installed.

He suspected that perhaps someone in the supply chain had been installing the software rather than Samsung, so he reached out to their tech support department to find out if they knew anything about why this software was on his brand new computer.

Upon reaching technical support at Samsung, the tier one support agents tried to convince Mr. Hassan that the software wasn’t there and then changed their story to suggest he ask Microsoft about it.

Eventually they relented and sent him to a supervisor. Quoting from Mr. Hassan’s post:

He confirmed that yes, Samsung did knowingly put this software on the laptop to, as he put it, “monitor the performance of the machine and to find out how it is being used.”

After the massive uproar that resulted when Sony installed rootkits on peoples computers when they listened to an audio CD, you would hope the world would realize this type of behavior is totally unacceptable.

Mr Hassan says the software was configured to send all of your keystrokes to an email address. He does not mention whether the optional encryption was being used. If you thought having AOL preinstalled was annoying, this takes “trusting” the build of your OS provided by the manufacturer to an extreme.

As a best practice it is always a good idea to run the least amount of software on your computer as possible. This reduces the attack surface and number of exposed bugs that attackers can use to harm your PC. This is just another reason it is a good idea to do a clean OS installation on your computers with trusted media provided by the OS manufacturer.

For more advice on avoiding the malware mess download our paper “Top 5 Threat Protection Best Practices“.

Update: is reporting that they looked at a Samsung series 9 and did not find the keylogging software. This could indicate it is only being installed on one series (R), or in fact Samsung is not behind its installation.