Samsung installs root kits on the computers they sell

[JoeG4]

Well, that was an odd one.

http://www.networkworld.com/newsletters/sec/2011/032811sec2.html

I thought it sounded sketchy until they mentioned that Samsung is confirming it.

 

[RedReplicant]

In all honesty, this makes no sense. I would imagine that the Samsung rep had no idea what he was talking about. It's not a root kit either, or anything like it - just a keylogger. These laptops are almost year old and you're telling me no one had found this before? Fishy.
*waits for impending 10 page flame thread*

 

[emiljan]

How the hell is this even legal? Sony installed a root-kit and got a $575 million dollar fine. I can't wait to see what happens to Samsung if this was deliberate.

 

[RedReplicant]

How the hell is this even legal? Sony installed a root-kit and got a $575 million dollar fine. I can't wait to see what happens to Samsung if this was deliberate.

Way to kneejerk without any research on your end. No one has confirmed this except this 'reputable' article writer. Reeks of total crap.

 

[RedReplicant]

While setting up a new Samsung computer laptop with model number R525 in early February 2011

Judging by reviews of this laptop it was released in ~June 2010. You're telling me no one else has found this in almost a year?

After the initial set up of the laptop, I installed licensed commercial security software and then ran a full system scan before installing any other software. The scan found two instances of a commercial keylogger called StarLogger installed on the brand new laptop. Files associated with the keylogger were found in a c:\windows\SL directory.

Can't even name the software? Possibility of it being pirated and bringing the keylogger along with it?

This key logger is completely undetectable and starts up whenever your computer starts up.

Well your software detected it?

After an in-depth analysis of the laptop, my conclusion was that this software was installed by the manufacturer, Samsung.

This conclusion is based on?

I removed the keylogger software, cleaned up the laptop, and continued using the computer.

This guy holds a "masters of information assurance" and he simply removes a keylogger and assumes that there was no rootkit or something else undetected? I've never heard of any security inclined individual that would do something like that.

Again, after the initial set up of the laptop, I found the same StarLogger software in the c:\windows\SL folder of the new laptop. The findings are false-positive proof since I have used the tool that discovered it for six years now and I am yet to see it misidentify an item throughout the years. The fact that on both models the same files were found in the same location supported the suspicion that the hardware manufacturer, Samsung, must know about this software on its brand-new laptops.

What? Sense does not make here.

However, no one seems to have reported a StarLogger installation as far as we have been able to determine using Web search engines.

How weird.

The supervisor who spoke with me was not sure how this software ended up in the new laptop thus put me on hold. He confirmed that yes, Samsung did knowingly put this software on the laptop to, as he put it, "monitor the performance of the machine and to find out how it is being used."

Sounds like the supervisor didn't know what they were talking about.


His business looks real reputable http://www.nesecc.com/

Mohamed Hassan, MSIA, CISSP, CISA is the founder of NetSec Consulting Corp, a firm that specializes in information security consulting services. He is a senior IT Security consultant and an adjunct professor of Information Systems in the School of Business at the University of Phoenix.

So we have a hack-job IT security consulting firm business site with no content and a part time professor or guest lecturer at University of Phoenix.

 

[Lyle]

Confirmed: Samsung is Not Shipping Keyloggers

An update:

We now have confirmation for what we wrote in our previous blog post: Samsung is not shipping keyloggers on their laptops.

The whole saga was caused by a false alarm of the VIPRE Antivirus product. Apparently VIPRE detects the StarLogger keylogger by searching for the existence of a directory called "SL" in the root of the Windows directory. This is a bad idea.

GFI Labs, the makers of the antivirus software, have somewhat graciously issued a mea culpa, but I'm really interested in seeing how Network World and the original article's author handle this.

 

[RedReplicant]

What a surprise, too bad the damage is already done.

 

[-aggie-]

I have roots getting into my sewer pipes in my backyard. Where can I buy one of these root kits.

 

[Stridder44]

What a surprise, too bad the damage is already done.

What damage? Multiple sources have come forward saying that it's a false positive, and the whole story was BS after all. Even Samsung themselves came forward very shortly after these reports started spreading and immediately began looking into it. If anything, I think they handled this very well. From the article here:

Update: Kudos to Samsung for hitting this head-on. An hour after we inquired for comment, a company spokesperson tossed over this official quote: "Samsung takes Mr. Hassan's claims very seriously. After learning of the original post this morning on NetworkWorld.com, we launched an internal investigation into this issue. We will provide further information as soon as it is available."

Update 2: Samsung's official Korean language blog, Samsung Tomorrow, has a posted an update calling the findings false. According to Samsung, the confusion arose when the VIPRE security software mistakenly identified Microsoft's Slovene language folder ("SL") as Starlogger, which Sammy was able to recreate from an empty c:\windows\SL folder (see image above). So yeah, move along, it's much ado about nothing -- the R525 and R540 laptops are perfectly safe.

Update 3: Even GFI Software has stepped up and confirmed the good news; furthermore, it'll be changing the way it structures things so as not to set off any more false-positives.

 

[RedReplicant]

How many people see something in the news, form an opinion, and then never look into it again?

 

[SevenInchScrew]

How many people see something in the news, form an opinion, and then never look into it again?

With something like the iPhone "Antenna-gate", you might be right. That was all over the news everywhere, even on the major TV news. This Samsung issue was barely a story in the tech news world, let alone anything bigger. I don't doubt you are right about there being people who form ill-informed opinions based on stuff like this. But for there to be any meaningful damage from something like this, it has to be a much bigger story than this one was.

I just asked a handful of my friends over IM if they heard anything about this, and not one had. A few of these people are pretty tech-savvy, and even they heard nothing about this. In fact, if it weren't for this thread, it would be completely forgotten by me.

 

[RedReplicant]

Fair enough, I made that assumption based on the Reddit / other news site comments. Probably not the best place to draw conclusions.