Security consultant Mohamed Hassan made a shocking discovery when he bought a Samsung laptop last month: Pre-installed software was recording his every keystroke.
Writing for NetworkWorld, Hassan says he discovered the key-logging software, called Starlogger, on a Samsung R525 laptop after running a full system scan with commercial security software, and before installing anything else on the computer. Starlogger captures all text entry, including passwords and emails, and can even take screenshots. The software then discreetly transmits its findings by email.
It gets worse. After removing Starlogger, Hassan returned the laptop due to an unrelated issue with the video driver. He then purchased another Samsung laptop, model R540, from a different retailer. Sure enough, he found the same Starlogger software in the same directory (c:\windows\SL) on a different Samsung computer.
“The fact that on both models the same files were found in the same location supported the suspicion that the hardware manufacturer, Samsung, must know about this software on its brand-new laptops,” Hassan wrote.
NetworkWorld contacted three Samsung public relations reps, giving them a week to comment before running the story. None responded. But when Hassan called Samsung support, a supervisor confirmed that Samsung installed the software to “monitor the performance of the machine and to find out how it is being used.”
Hassan likens this incident to the Sony BMG rootkit fiasco of 2005, in which music CDs came pre-loaded with monitoring software to prevent piracy. “This is a déjà vu security incident with far reaching potential consequences,” he wrote.
If Hassan’s allegations are accurate, Samsung could face lawsuits, and may be liable if the information it reportedly collected fell into the wrong hands.
Either way, Samsung’s got some serious explaining to do.
UPDATE: False alarm. Please see the updated story here.