Samsung installing keylogger on laptops [Update:] Not

According to Network World, Samsung has been installing key logging software on its laptop computers. On May 1 Mohamed Hassan, a graduate of the Master of Science in Information Assurance (MSIA) program at Norwich University, discovered an application called StarLogger had been installed on his brand new laptop. He discovered the software was located in the C:\Windows\SL\ folder, and after some investigation, Hassan found it was recording every keystroke, including emails, documents, usernames and passwords.

He proceeded to report this to Samsung Support and logged incident number 2101163379 with them. In a similar move to SonyBMG about the installing of rootkits, Samsung's support department denied the existence of any such software on its laptops.

After being informed of two different models which had been tested for the keylogger, Samsung changed its tune and, instead, blamed Microsoft by saying "all Samsung did was to manufacture the hardware." This answer was not accepted by Mohamed and he told them that it "did not make sense", the incident was then moved higher up the support chain to a supervisor, who explained to Hassan that he was "not sure how this software ended up in the new laptop," but confirmed that "yes, Samsung did knowingly put this software on the laptop to monitor the performance of the machine and to find out how it is being used."

In 2007 the FTC Chairman, Deborah Platt Majoras, said "Installations of secret software that create security risks are intrusive and unlawful." If this story turns out anything like the Sony rootkit fiasco we may see lawsuits, and quite a few of them.

The two models currently known to contain this software are the R525 and R540. CNET has published a helpful guide on how to remove this software, to read it click here.

Update: Samsung have since investigated this complaint, and discovered that this is simply a false positive from the security software. The C:\Windows\SL directory is created to hold Slovenian language files, and its presence on the disk is all that is required to trigger the false alert.

Image Credit: Informer

Report a problem with article
Previous Story

Google to testify on piracy before a House subcommittee

Next Story

Microsoft rejects WP7 Twitter app for "Graphic Content" [Update]

56 Comments

Commenting is disabled on this article.

"monitor the performance of the machine"

I'd say that should be your first hint that the support person had no idea what they guy was asking or talking about. Keyloggers don't look at performance or provide any info other than what is typed, might occasionally take screenshots and in some cases they log web page details but that's about it.

Samsung should def. look at a defamation case not just against the guy who wrote the report but also networkworld for running with it w/o verifying the info.

This all seems a bit strange! The guy is a graduate of the Master of Science in Information Assurance (MSIA) program and apparently found (the program) was recording every keystroke, including emails, documents, usernames and passwords.
When all it actually was, was a false positive from Vipre! Did he not think about VT, Jotti or Anubis, maybe even reporting it to Vipre.
Dear o dear, maybe Samsung should take this "security researcher" to court for defamation of charachter!

You have too much faith in the educational system. A lot of smart people have university degrees, but not every university degree recipient is smart.

Even that Samsung said it's to do with the language, they still did say... "confirmed that "yes, Samsung did knowingly put this software on the laptop to monitor the performance of the machine and to find out how it is being used.""

So what gives?

I was going to say something yesterday but never got to it.. my point was going to be... Why would a MULTI-BILLION dollar company knowingly install a keylogger on their product. What could they possibly gain by this, versus what they would lose in customers. Plus not to mention the law-suits that would cost them tons of money as well. It just doesn't make sense. And now we see the truth this morning.

xendrome said,
I was going to say something yesterday but never got to it.. my point was going to be... Why would a MULTI-BILLION dollar company knowingly install a keylogger on their product. What could they possibly gain by this, versus what they would lose in customers. Plus not to mention the law-suits that would cost them tons of money as well. It just doesn't make sense. And now we see the truth this morning.

Why? Same reason Sony had. Same reason Belkin had......Big shot corporations do not have clean hands. History proves this.

Mike Frett said,

Why? Same reason Sony had. Same reason Belkin had......Big shot corporations do not have clean hands. History proves this.

sony did it in a rather misguided attempt to protect IP.

What does Samsung gain from this? A list of porn sites people visit? I don't think that's worth the massive lawsuit that will follow.

From Engadget:

"Update 2: Samsung's official Korean language blog, Samsung Tomorrow, has a posted an update calling the findings false. According to Samsung, the confusion arose when the VIPRE security software mistakenly identified Microsoft's Slovene language folder ("SL") as Starlogger, which Sammy was able to recreate from an empty c:\windows\SL folder (see image above). So yeah, move along, it's much ado about nothing -- the R525 and R540 laptops are perfectly safe."

The statements that Samsung installs keylogger on R525 and R540 laptop computers are false.

Our findings indicate that the person mentioned in the article used a security program called VIPRE that mistook a folder created by Microsoft's Live Application for a key logging software, during a virus scan.

The confusion arose because VIPRE mistook Microsoft's Live Application multi-language support folder, "SL" folder, as StarLogger.

(Depending on the language, under C:\windows folders "SL" for Slovene, "KO" for Korean, "EN" for English are created.)

Samsung will continue to respect customer needs by providing the highest quality products and services.

http://samsungtomorrow.tistory.com/1071

Man, that would make VIPRE one of the most stupid anti malware programs on the market. Identifying malware by name, really?

XerXis said,
Man, that would make VIPRE one of the most stupid anti malware programs on the market. Identifying malware by name, really?

Not even by file name. By folder name. The folder could have been empty, and there would have been a false positive.

I really don't see Samsung having any benefit of a keylogger installed on a computer. I bet it is a debug leftover from the process of building the standard image for their computers.

This is nothing like Sony's rootkit, which had a direct purpose of controlling what you could do with
a music cd.

I never allow any of my friends and family to use pre-built computers without a reformat. I always wipe my hard drives using the US DoD 5220.22-M (8-306./E, C & E) (7 passes) method.

the screenshot isn't the actual log just the generic screen taken from the starlogger site.

I'm not getting all the hype over this. I mean this is one source. Not that I've really looked but I haven't seen any other sites mentioning confirmation by any other sources??

tanjiajun_34 said,
What's with the message at the screenshot?

"Recently I installed a program called StarLogger"
I thought its Samsung install for him?


yeah its 2003

My question would be did he buy the laptop from a retail store or "rent" it from the University?

I'm not saying that the uni would have a right to do this but they may have installed it to monitor what he does with the machine, if so then unless the uni told him about this then it's their problem and not Samsungs. I say this as the uni may have ordered them direct from Samsung.

If it was from a retailer then they may have been the ones responsible for it, in which case it's the retailers problem and not Samsungs.

Phantom Phreak said,
Here come the Ubuntu Fans: See you gotta use Free Software so you know what you're installing!!!

NOT... Most people want to use 99.999998% of software out there. With Ubuntu you will be in a dead zone.

Dusco25 said,

NOT... Most people want to use 99.999998% of software out there. With Ubuntu you will be in a dead zone.

Sorry, but that is a pointless and uneducated remark. Actually they both are, but I digress . . .

Do we have any proof that Samsung admitted this or is it just the word of this one person? Also, it is possible the software was put on by someone at a retailer. Just sayin'.

Temuulen Battumur said,
SINCE WHEN SAMSUNG MADE LAPTOPS.

They have been for a few years, mainly netbooks and ultra portable laptops, but its reasons like this I ALWAYS format and fresh install windows on any laptop I buy

I don't buy "home" pc's, I build my own, but, when I buy a laptop, first thing I do is set it up without any personal info, no email, no internet connection. Then it gets powered down, the HDD is pulled, date when the warranty expires written on the drive and shelved. I plop a new drive into it, and set it up like I want. If something happens, and it needs to be serviced under warranty, I send it back with the original drive.

naap51stang said,
I don't buy "home" pc's, I build my own, but, when I buy a laptop, first thing I do is set it up without any personal info, no email, no internet connection. Then it gets powered down, the HDD is pulled, date when the warranty expires written on the drive and shelved. I plop a new drive into it, and set it up like I want. If something happens, and it needs to be serviced under warranty, I send it back with the original drive.

Thats actually a pretty good idea.

You can't just use Gparted in Ubuntu to erase all the partitions, then start your Windows installation on a clean slate?

When I bought my Dell, it had the "Prepared by Geek Squad" sticker on the box. To me that read: Crap installed, and who knows what else? Erase the drive, and install that new Windows 7 Beta that came out last week!

I to dont think samsung would do this, any one be able to read source code of the program to identify ?
I will put this by some Samsung Reps see if any of this is true.

Hmmm I don't know if my new samsung notebook came with anything because I formatted straight away and installed Win7 Ultimate so I could use bitlocker.

I don't think Samsung might be doing this. It must be someone from localstore who might have installed the software. I don't think Samsung might be dumb enough to even think about doing such absurd act. By theway, whenever I buy a computer I just do the clean format and then install programs by myself.

Auditor said,
I don't think Samsung might be doing this. It must be someone from localstore who might have installed the software. I don't think Samsung might be dumb enough to even think about doing such absurd act. By theway, whenever I buy a computer I just do the clean format and then install programs by myself.

+1 for formatting new hardware
i can't believe samsung would do this and i'm gonna say it might be installed lower down the chain but if it was a top level decision i have 3 words...CLASS ACTION LAWSUIT

flexkeyboard said,
oh, was the the same excuse Sony used also?

Not the same. Sony's rootkits were on audio CDs. It's not possible they could have been infected at the store.

Just another reason why I wipe every computer I get, first thing..
Then I can install my own clean copy of Windows, drivers, and any software I need.

Ryoken said,
Just another reason why I wipe every computer I get, first thing..
Then I can install my own clean copy of Windows, drivers, and any software I need.

Same here. Clean installs run nicer anyways

Ryoken said,
Just another reason why I wipe every computer I get, first thing..
Then I can install my own clean copy of Windows, drivers, and any software I need.

Nice clean format, agreed. even if the manufacturer doesn't put anything on, the local retailer could have put something on.

Even the HDD manufacturer could wilingly/unwilingly have had something on there. I remember a article about I think it was san disk drives having a virus on them.

I may not remember correctly but wasn't it samsung who had a virus in their driver install for cameras

Ryoken said,
Just another reason why I wipe every computer I get, first thing..
Then I can install my own clean copy of Windows, drivers, and any software I need.

Same here, I just use the installed OS for testing and take a look. After less than 1 hour, all will be wiped and I install my fresh windows.

Sraf said,

Same here. Clean installs run nicer anyways

No, usualy it does not. OEMs tweak Windows, drivers, bootload, hardware compatibilities... so the total Hardware+ OS will be better/faster...

alexalex said,

No, usualy it does not. OEMs tweak Windows, drivers, bootload, hardware compatibilities... so the total Hardware+ OS will be better/faster...

ill disagree. clean install of windows is usually better than the OEM crap.

plus as others have said you can guarantee there is nothing funny going on with the PC that way to.

alexalex said,

No, usualy it does not. OEMs tweak Windows, drivers, bootload, hardware compatibilities... so the total Hardware+ OS will be better/faster...


Yea exact... No wait, they don't...
Only thing OEMs do is install a bunch of bloatware and put in wallpapers and what not with their logo on.
Sure OK, they install the proper drivers, but you can just get them from their site if Windows Update can't get everything you need automatically which it usually does only driver you really need to bother with yourself are graphics drivers.
Clean Install + correct drivers is much better than the installation on the computer from the start.

Mr. Black said,
Why do I hear the bells of lawsuits tolling...

This guy should take them to courts.. and drain the hell out of them!!