Wednesday, March 30, 2011

Samsung installs keylogger on its laptops

In the fall of 2005, the security and computer world was abuzz with what was at the time dubbed as the "Sony BMG rootkit Fiasco." Sony BMG used a rootkit, computer program that performs a specific function and hides its files from the regular user, to monitor computer user behavior and limit how music CDs were copied and played on one's computer. ...

Sony BMG settled the federal lawsuit with the FTC without admitting guilt. However, given the number of CDs it was ordered to replace and the agreed upon compensation of up to $150 per computer owner it had to pay to consumers whose computers may have been damaged as a result of attempts to remove the rootkit, the $575 million payout for the incident was far more expensive than any return on investment Sony BMG may have received by preventing the potential consumer from copying, illegal distribution or sharing of the music CDs.

Some in the computer security industry had hoped that the criminality of the act that Sony BMG had engaged in together with the huge business costs associated with the settling of the case with consumers and federal authorities would act as a deterrent to any company which might want to monitor computer usage. Others, including Mark Russinovich, the developer and blogger who first discovered the rootkit, were not so sure. In fact Mr. Russinovich warned that "Consumers don't have any kind of assurance that other companies are not going to do the same kind of thing (as Sony)" (Borland, 2005).

How right has Mr. Russinovich been!

While setting up a new Samsung computer laptop with model number R525 in early February 2011, I came across an issue that mirrored what Sony BMG did six years ago.  After the initial set up of the laptop, I installed licensed commercial security software and then ran a full system scan before installing any other software. The scan found two instances of a commercial keylogger called StarLogger installed on the brand new laptop. Files associated with the keylogger were found in a c:\windows\SL directory.

According to a Starlogger description, StarLogger records every keystroke made on your computer on every window, even on password protected boxes.

This key logger is completely undetectable and starts up whenever your computer starts up. See everything being typed: emails, messages, documents, web pages, usernames, passwords, and more. StarLogger can email its results at specified intervals to any email address undetected so you don't even have to be at the computer your[sic] are monitoring to get the information. The screen capture images can also be attached automatically to the emails as well as automatically deleted.

After an in-depth analysis of the laptop, my conclusion was that this software was installed by the manufacturer, Samsung. I removed the keylogger software, cleaned up the laptop, and continued using the computer. However, after experiencing problems with the video display driver, I returned that laptop to the store where I bought it and bought a higher Samsung model (R540) from another store.

Again, after the initial set up of the laptop, I found the same StarLogger software in the c:\windows\SL folder of the new laptop. The findings are false-positive proof since I have used the tool that discovered it for six years now and I am yet to see it misidentify an item throughout the years. The fact that on both models the same files were found in the same location supported the suspicion that the hardware manufacturer, Samsung, must know about this software on its brand-new laptops. ...

via Samsung installs keylogger on its laptop computers.

No comments: