In a finding that invites the obvious question, "Why would you do that?", a report claims Samsung is shipping brand-new laptops with an active keylogger installed, unknown to the buyer or anyone else who uses the machines.
Samsung installed a commercial keylogger on brand-new laptops to monitor customer usage, the company admitted after a user exposed the practice in a security newsletter.
The keylogger was discovered by Mohamed Hassan on two Samsung laptops, the R525 and R540, according to his post on the Security Strategies Alert newsletter run by Mich Kabay, CTO of Adaptive Cyber Security Instruments. In a two-part series, Hassan described how he found the keyloggers and how Samsung at first denied installing them.
Samsung later admitted the software was there to "monitor the performance of the machine and to find out how it is being used," according to Hassan.
While setting up a new Samsung R525 laptop in early February, Hassan ran a full-system scan using an unnamed "licensed commercial security software" before installing anything else. The scan found two instances of a commercial keylogger, called StarLogger, installed within the Windows directory, he wrote.
StarLogger, from a company called de Willebois Consulting, can be downloaded free from a number of sites. Its vendor claims it records every keystroke made on the computer, even on password-protected systems, that it is completely undetectable, and that it starts when the computer starts and captures everything typed, including email, documents and login credentials. The software periodically emails the collected keystrokes and screen captures to a configured email address.
Hassan concluded that the software had been installed by Samsung and removed it. Shortly after, he bought a Samsung R540 from a different store and found the same StarLogger program in the same location after running a full-system scan during the initial setup. This confirmed his suspicion that Samsung must know about the software on its brand-new laptops, wrote Hassan. His report rests on the scanner's identification of the files; the post does not describe independent confirmation, such as comparing the flagged files against the vendor's binaries or locating an autostart entry for them.
"The findings are false-positive proof since I have used the tool that discovered it for six years now, and I [have] yet to see it misidentify an item throughout the years," Hassan wrote.
Hassan called Samsung Support on March 1 and logged the incident. The company initially denied the presence of the keylogger, much "as Sony BMG did six years ago," Hassan wrote, referring to the rootkit Sony shipped on its music CDs in the fall of 2005 to monitor computer-user behavior and limit how the discs could be copied.
At the time, Mark Russinovich, the developer who found the Sony BMG rootkit, warned, "Consumers don't have any kind of assurance that other companies are not going to do the same kind of thing [as Sony]."
"How right has Mr. Russinovich been," Hassan wrote.
Samsung first tried to shift the blame to Microsoft, saying that "all Samsung did was to manufacture the hardware," according to Hassan.
A support supervisor then confirmed that Samsung had knowingly put the software on the laptop to "monitor the performance of the machine and to find out how it is being used," Hassan wrote.
Samsung wanted to gather usage data without obtaining consent from laptop owners, Hassan concluded. He called it a "déjà vu security incident" and said there were legal, ethical and privacy implications for both businesses and individuals who may purchase and use Samsung laptops.
Samsung could also be liable should the large amount of information collected through StarLogger fall into the wrong hands, he speculated.
Samsung didn't respond to requests for comment.