Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Samsung installs keylogger on its laptop computers


  • Please log in to reply
13 replies to this topic

#1 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:16 AM

Posted 30 March 2011 - 10:21 PM

While setting up a new Samsung computer laptop with model number R525 in early February 2011, I came across an issue that mirrored what Sony BMG did six years ago. After the initial set up of the laptop, I installed licensed commercial security software and then ran a full system scan before installing any other software. The scan found two instances of a commercial keylogger called StarLogger installed on the brand new laptop. Files associated with the keylogger were found in a c:\windows\SL directory.

According to a Starlogger description, StarLogger records every keystroke made on your computer on every window, even on password protected boxes.

http://www.networkworld.com/newsletters/sec/2011/032811sec2.html
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

BC AdBot (Login to Remove)

 


#2 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 34,543 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:02:16 PM

Posted 30 March 2011 - 11:06 PM

Samsung admits it installed the software: :blink:

The supervisor who spoke with me was not sure how this software ended up in the new laptop thus put me on hold. He confirmed that yes, Samsung did knowingly put this software on the laptop to, as he put it, "monitor the performance of the machine and to find out how it is being used."

In other words, Samsung wanted to gather usage data without obtaining consent from laptop owners.


http://www.networkworld.com/newsletters/sec/2011/040411sec1.html

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+

#3 Union_Thug

Union_Thug

    Bleeps with the fishes...


  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:05:16 PM

Posted 31 March 2011 - 07:20 PM

Confirmed: Samsung is Not Shipping Keyloggers http://www.f-secure.com/weblog/archives/00002133.html

We now have confirmation for what we wrote in our previous blog post: Samsung is not shipping keyloggers on their laptops.

The whole saga was caused by a false alarm of the VIPRE Antivirus product. Apparently VIPRE detects the StarLogger keylogger by searching for the existence of a directory called "SL" in the root of the Windows directory. This is a bad idea....As some Samsung laptops do indeed have a folder called "C:\WINDOWS\SL" on them by default, VIPRE would alert on them with a similar warning.

Unfortunately Mohamed Hassan (CISSP) who did the original analysis did not double-check his findings and blamed Samsung instead. Apparently he did not look at the contents of the "SL" folder at all.


http://www.networkworld.com/newsletters/sec/2011/040411sec1.html

UPDATE 3/31/11: Samsung has issued a statement saying that the finding is false. The statement says the software used to detect the keylogger, VIPRE, can be fooled by Microsoft's Live Application multi-language support folder. This has been confirmed at F-Secure and two other publications, here and here. Still no explanation for why Samsung originally confirmed the keylogger's existence to Hassan, as seen below.

UPDATE 3/31/11: GFI Labs, the maker of VIPRE, has issued an explanation and apology for generating the false positives that led to these articles: "We apologize to the author Mohamed Hassan, to Samsung, as well as any users who may have been affected by this false positive."



Hmmm. Samsung admits it installed the software, now this...:whistle:

Edit to add: This Hassan guy claims that some unnamed Samsung "supervisor"---most likely a low level DRONE working the support help desk--"admitted" that Samsung installed a keylogger? If Samsung does have some super-secret spy software they are hiding on their laptops would the guy answering the phone know about it, or more importantly, would he be STUPID enough to confirm it if he understood the possible repercussions of what he was confirming in the first place? For all we know he just went along with what the guy was saying to get him off the phone. I don't know about you, but i wouldn't trust one of those "support" guys to find his own a** with a map and a GPS.

This guy Hassan's story and his ahem, "research" have gaping holes in them, to say the least. Network World lost any semblance of credibility publishing this DREK.

Edited by Union_Thug, 01 April 2011 - 05:05 PM.


#4 Union_Thug

Union_Thug

    Bleeps with the fishes...


  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:05:16 PM

Posted 31 March 2011 - 10:06 PM

This fiasco just keeps getting better...

"The findings are false-positive proof since I have used the tool that discovered it for six years now and I am yet to see it misidentify an item throughout the years."


:hysterical:

#5 ranget

ranget

  • Members
  • 250 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:16 PM

Posted 06 April 2011 - 10:45 AM

http://www.f-secure.com/weblog/archives/00002133.html

this what F Secure said about it

A big thanks to Dider Stevens

sorry for not being around

 


#6 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 34,543 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:02:16 PM

Posted 06 April 2011 - 03:52 PM

Randy Abrams at ESET says: Samsung and I Got Bit by a VIPRE

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+

#7 Union_Thug

Union_Thug

    Bleeps with the fishes...


  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:05:16 PM

Posted 06 April 2011 - 05:03 PM

Randy Abrams at ESET says: Samsung and I Got Bit by a VIPRE


Still no apology from teh "Brains" of the oper-ashun Mr Mohamed Hassan MSIA CISSP CISA

Apology to Samsung: We blew it

Edited by Union_Thug, 06 April 2011 - 05:05 PM.


#8 chromebuster

chromebuster

  • Members
  • 899 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:05:16 PM

Posted 15 April 2011 - 01:05 PM

This is really great because after my Eset License runs out, I'm switching to GFI labs for malware protection considering their products are the only ones that have home edition available to server operating systems.

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#9 Layback Bear

Layback Bear

  • Members
  • 1,880 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern Ohio
  • Local time:04:16 PM

Posted 16 May 2011 - 08:55 AM

I hope I never get that many degrees in computer science. It seem like in turns off the common practice and common sense switch off.

#10 Romeo29

Romeo29

    Learning To Bleep


  • BC Advisor
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:04:16 PM

Posted 16 May 2011 - 03:01 PM

Vipre and Hassan = lose
Samsung = win
Match over

#11 Beathalor

Beathalor

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kentucky
  • Local time:04:16 PM

Posted 22 May 2011 - 02:24 AM

What blows my mind even if it was some guy just answering the phone why would they confirm something that stupid and then deny it...? <_<

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:16 PM

Posted 23 May 2011 - 02:30 PM

Cause they are low-level drones, they don't know anything about the corporation and aren't allowed to sway from their scripts anyways.

I recently talked to norton support and they confirmed me that their anti virus program would not scan any executable files because their anti virus program was just not designed for that.
They literally said:

I am sorry to say that Norton is formed in such a way that it will not detect .exe files.


If I had had other ambitions I probably could also have made him say that they install keyloggers to protect their users.

Don't trust anything a support line tells you. :P

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 chromebuster

chromebuster

  • Members
  • 899 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:05:16 PM

Posted 23 May 2011 - 03:36 PM

I agree with you there. Scripts and more scripts. And I don't trust support lines anyway. The only support line I trust is Dell's, and even they have some crooked folken in there. I'll never forget when I went to order a new cord for my PowerEdge server as they gave me a UK style one instead of the correct US style one. I got this guy, Thomas, his name was, who tried to make me buy another one when it was an exchange, and this lady had to rescue me and pull the charge back up. This guy sure as hell seemed nice though.

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#14 Romeo29

Romeo29

    Learning To Bleep


  • BC Advisor
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:04:16 PM

Posted 24 May 2011 - 10:48 AM

I have worked in those support centers in my college days in part time jobs. They give a script with questions and their answers. So basically you have to read them out. There are step by step instructions, ask this, if customer says this ask that and so on. If you find any question not covered in those scripts, then you transfer the call to engineer or ask your supervisor.

I worked for support of computers, printers and home appliances. And trust me I knew nothing about them. LOL

Edited by Romeo29, 24 May 2011 - 10:50 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users