(Article last updated 31/01/11 @ 15:49)
As Samsung has been experiencing greater global success in selling their TVs, phones and laptop computers, they have made a major miscalculation about how far “market research” can go without causing a massive backlash. They have crossed that line…
Network World published a story today by Mohamed Hassan explaining how he had recently purchased a new Samsung laptop and discovered that it had a keylogger (StarLogger) pre-installed from the factory. Not only could this software log all of your keystrokes, it is also capable of taking screenshots.
Mr. Hassan had other problems with the laptop, so he returned it and upgraded to a higher specification model. Upon receiving the second laptop he noticed that it also had the keylogger installed.
He suspected that perhaps someone in the supply chain had been installing the software rather than Samsung, so he reached out to their tech support department to find out if they knew anything about why this software was on his brand new computer.
Upon reaching technical support at Samsung, the tier one support agents tried to convince Mr. Hassan that the software wasn’t there and then changed their story to suggest he ask Microsoft about it.
Eventually they relented and sent him to a supervisor. Quoting from Mr. Hassan’s post:
He confirmed that yes, Samsung did knowingly put this software on the laptop to, as he put it, “monitor the performance of the machine and to find out how it is being used.”
This is astonishing. After the massive uproar that resulted when Sony installed rootkits on people’s computers when they listened to an audio CD, you would hope the world would realize this type of behavior is totally unacceptable.
Mr. Hassan says the software was configured to send all of your keystrokes to an email address. He does not mention whether the optional encryption was being used. If you thought having AOL preinstalled was annoying, this takes “trusting” the build of your OS provided by the manufacturer to an extreme.
Sophos identifies components of this software as Mal/LineDLL-B and will alert any customers deploying our software to Samsung laptops.
Samsung should have been aware of what they were doing as there is a message you must click through during the installation of the software that reads:
“As this program can be used for monitoring other user’s activity on this computer, you may want to have this program installed without being perceived. In this case you should choose for “Don’t create any icons” in the ‘Select start Menu Folder’ screen. This screen appears after the next screen.”
It appears that Samsung chose this option.
As a best practice it is always a good idea to run as little software on your computer as possible. This reduces the attack surface and the number of exposed bugs that attackers can use to harm your PC. This is just another reason it is a good idea to do a clean OS installation on your computers with trusted media provided by the OS manufacturer.
Credit: Sophos Blog
UPDATE: Samsung have issued the following statement on the matter:
“Our findings indicate that the person mentioned in the article used a security program called VIPRE that mistook a folder created by Microsoft’s Live Application for a key logging software, during a virus scan.
The confusion arose because VIPRE mistook Microsoft’s Live Application multi-language support folder, “SL” folder, as StarLogger.
(Depending on the language, under C:\windows folders “SL” for Slovene, “KO” for Korean, “EN” for English are created.)
Samsung will continue to respect customer needs by providing the highest quality products and services.”
So, it looks like it’s a false alarm after all. Phew!
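The false alarm Samsung describes, a scanner treating a folder named “SL” as evidence of StarLogger, is a textbook name-only heuristic. The following toy scanner is an added example, written for this page and not code from the Sophos post, from Samsung or from VIPRE: it builds a constructed directory tree with the language folders named in the statement (SL, KO, EN) plus one directory that really carries a marker, then compares a rule that flags on directory name alone with a rule that requires file-level evidence. The directory layout, file names and the byte marker standing in for a real AV signature are all constructed for the demo; no real StarLogger indicator appears here.

```python
"""
Added example: why a name-only detection rule false-positives on a
harmless "SL" language folder, and how a content-aware rule does not.
Everything below (paths, file names, marker bytes) is constructed.
"""
import os
import tempfile

# Constructed rule: directory names the naive heuristic treats as suspect.
SUSPECT_DIR_NAMES = {"sl"}

# Constructed stand-in for a real AV signature (not a real StarLogger indicator).
CONSTRUCTED_MARKER = b"CONSTRUCTED-KEYLOGGER-MARKER"


def scan_by_name(root):
    """Naive rule: flag any directory whose name is on the suspect list."""
    hits = []
    for dirpath, dirnames, _ in os.walk(root):
        for d in dirnames:
            if d.lower() in SUSPECT_DIR_NAMES:
                hits.append(os.path.join(dirpath, d))
    return sorted(hits)


def _has_marker(path):
    """True if a regular file contains the constructed marker bytes."""
    if not os.path.isfile(path):
        return False
    with open(path, "rb") as fh:
        return CONSTRUCTED_MARKER in fh.read()


def scan_by_content(root):
    """Stricter rule: a suspect-named directory is flagged only when a file
    inside it actually carries the marker, so resource folders pass."""
    hits = []
    for dirpath, dirnames, _ in os.walk(root):
        for d in dirnames:
            if d.lower() not in SUSPECT_DIR_NAMES:
                continue
            full = os.path.join(dirpath, d)
            if any(_has_marker(os.path.join(full, f)) for f in os.listdir(full)):
                hits.append(full)
    return sorted(hits)


def build_demo_tree(root):
    """Constructed layout: Windows-style language folders (harmless text
    resources) plus one same-named directory that really holds the marker."""
    win = os.path.join(root, "windows")
    for lang in ("SL", "KO", "EN"):  # language folder names from the statement
        d = os.path.join(win, lang)
        os.makedirs(d)
        with open(os.path.join(d, "strings.txt"), "w") as fh:
            fh.write("localized UI strings\n")
    bad = os.path.join(root, "ProgramData", "SL")  # constructed true positive
    os.makedirs(bad)
    with open(os.path.join(bad, "svc.bin"), "wb") as fh:
        fh.write(b"\x00" * 16 + CONSTRUCTED_MARKER)


def run_demo():
    """Build the tree in a temp dir and return (name_hits, content_hits)
    as root-relative, slash-separated paths."""
    with tempfile.TemporaryDirectory() as root:
        build_demo_tree(root)

        def rel(paths):
            return [os.path.relpath(p, root).replace(os.sep, "/") for p in paths]

        return rel(scan_by_name(root)), rel(scan_by_content(root))


if __name__ == "__main__":
    by_name, by_content = run_demo()
    print("name-only rule flagged:    ", by_name)
    print("content-aware rule flagged:", by_content)
```

Run as-is: the name-only rule reports both `windows/SL` (the harmless language folder) and `ProgramData/SL`, while the content-aware rule reports only the directory that actually contains the marker. The lesson for anyone triaging an alert like Mr. Hassan’s is to ask what evidence the detection is based on before drawing conclusions from the label.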