Samsung installed a commercial keylogger on brand-new laptops to monitor customer usage, the company admitted after a user exposed the practice in a security newsletter.
The keylogger was discovered by Mohamed Hassan on two Samsung laptops, the R525 and R540, according to his post on the Security Strategies Alert newsletter run by Mich Kabay, CTO of Adaptive Cyber Security Instruments. In a two-part series, Hassan described how he found the keyloggers and how Samsung denied installing them. the South Korean company later admitted the software was there to “monitor the performance of the machine and to find out how it is being used”, according to Hassan.
StarLogger, from a company called de Willebois Consulting, can be downloaded from a number of sites for free. It claims to record every keystroke made on the computer, even on password-protected systems. Completely undetectable, the keylogger starts up when the computer starts up, and sees everything being typed, including email, documents and login credentials. The software periodically emails the collected data and screen captures to a defined email address.
Hassan determined that the software had been installed by Samsung and he cleaned off the software. Shortly after, he bought a Samsung R540 from a different store and found the same StarLogger program in the same location after running a full-system scan during the initial setup. This confirmed his suspicion that Samsung must know about the software on brand-new laptops, wrote Hassan.
“The findings are false-positive proof since I have used the tool that discovered it for six years now and I [have] yet to see it misidentify an item throughout the years,” Hassan wrote.
He called and logged the incident with Samsung Support on March 1. The company initially denied the presence of the keylogger, much “as Sony BMG did six years ago”, Hassan wrote, in reference to Sony’s installing a rootkit on its music CDs, in the autumn of 2005, to monitor computer-user behaviour and limit how the discs were copied. At the time, Mark Russinovich, the developer who found the Sony BMG rootkit, warned, “Consumers don’t have any kind of assurance that other companies are not going to do the same kind of thing [as Sony].”
“How right has Mr Russinovich been,” Hassan wrote.
Samsung tried to lay the blame on Microsoft since “all Samsung did was to manufacture the hardware”, according to Hassan. A support supervisor then confirmed that Samsung knowingly put this software on the laptop to “monitor the performance of the machine and to find out how it is being used”, Hassan discovered.
Samsung wanted to gather usage data without obtaining consent from laptop owners, Hassan concluded. He called it a “déjà vu security incident” and said there were legal, ethical and privacy implications for both businesses and individuals who may purchase and use Samsung laptops. The company could also be liable should the vast amount of information collected through StarLogger fall into the wrong hands, he speculated.
Samsung did not respond to requests for comment.
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…