UPDATE! – Earlier today, Samsung reported that this fiasco was nothing more than a case of mis-identification on the part of VIPRE. Apparently, VIPRE can be fooled by Microsoft’s Live Application multi-language supporter. This doesn’t explain why a supervisor with Samsung originally stated that a keylogger was intentionally placed on the machines in order to monitor what customers are doing with the machines. We will continue to monitor this situation and update again if any new information becomes available.
Here we go again, folks. Mohamed Hassan recently purchased a new Samsung R525 laptop. Like any geek worth his (or her) salt, he ran a full system scan with his favorite antivirus product prior to using it for the first time. Much to his surprise, he found a commercial-grade keylogger within seconds. The name of this nasty little program is StarLogger – and Samsung has admitted it was placed there on purpose.
StarLogger is not a nice piece of software. It records every keystroke on a machine – including on password-protected ones. The program automatically begins to run when the computer is booted. It will then randomly email results and includes screenshots. Samsung claims that this was only done in order to “monitor the performance of the machine and to find out how it is being used.”
Yup, you read that correctly. Samsung wants to know everything you’re doing on your personal laptop. Isn’t that nice of them?! Not only is this creepy on a level I have no words to describe, it’s also likely illegal. Back when we dealt with the whole Sony CD rootkit, then FTC chairman Deborah Platt Majoras stated that the “installations of secret software which create security risks are intrusive and unlawful.” It’s assumed that the company will fight the legalities and come up with some half-baked excuse as to why they should be allowed to do this.
Think of it this way, though: if a nefarious person managed to hack into the databases at Samsung… imagine the potential catastrophe there. I don’t care how secure a company thinks it is, it can still happen. We’ve seen it time and time again. Every word you type into your machine – including passwords, banking information and much MUCH more – will fall into the hands of criminals.
At least Samsung is owning up to what they’ve done, and is already at work to correct it:
Samsung has launched an investigation into the matter and is working with Mich Kabay and Mohamed Hassan in the investigation. Samsung engineers are collaborating with the computer security expert, Mohamed Hassan, MSIA, CISSP, CISA, with faculty at the Norwich University Center for Advanced Computing and Digital Forensics, and with the antivirus vendor whose product identified a possible keylogger (or which may have issued a false positive). The company and the University will post news as fast as possible on Network World. A Samsung executive is personally delivering a randomly selected laptop purchased at a retail store to the Norwich scientists. Prof. Kabay praises Samsung for its immediate, positive and collaborative response to this situation.
I’m sorry, but that’s simply not enough. What is there to investigate? If the software was placed there intentionally then I’m not sure why time and money needs to be wasted determining what it’s doing there. The company needs to own up to this colossal breach of trust and security and take quick steps to correct it.
What are your thoughts?