The South Korean electronics giant Samsung may be spying on its own customers, using a program pre-installed on laptops that secretly monitors every keystroke.
In a guest posting on NetworkWorld, Toronto security researcher Mohammed Hassan described how he found keylogging software on a brand-new Samsung laptop he bought last month. He deleted it and continued to use the laptop, until it developed other problems.Hassan returned it to the retailer and came home with a slightly better Samsung model — which also turned out to have the keylogging software.
He called Samsung telephone support, and after some buck-passing, finally spoke to a supervisor, who first tried to blame it on Microsoft.
Told that didn't make sense, the supervisor then admitted to Hassan that the software is there to "monitor the performance of the machine and to find out how it is being used."
The software was a commercial product called StarLogger, which its maker says is "completely undetectable and starts up whenever your computer starts up."
It also captures screenshots at predetermined intervals. Both the keystrokes and the screenshots can be secretly emailed to designated addresses.
Hassan says there was no notification that his keystrokes were being logged.
But it seems that Samsung may not have been trying very hard to conceal StarLogger. The software was hiding in plain sight at the file path "c:\windows\SL\".
Samsung's behavior is probably illegal, and definitely unethical. As Hassan puts it, "the issue has legal, ethical, and privacy implications for both the businesses and individuals who may purchase and use Samsung laptops."
Five years ago, the Sony BMG music company was found to be illegally inserting malware on music CDs that would install "rootkits" into Windows laptops to prevent them from "ripping" MP3 files. Sony BMG eventually paid $575 million in fines and payouts connected with multiple lawsuits.
To anyone who's recently purchased a Samsung laptop, make sure you scan it thoroughly with antivirus software, and also search its Windows folder for a directory called "SL."
If you find something like what Hassan described, you might want to consider contacting NetworkWorld — and possibly a lawyer.
Samsung representatives had not responded to NetworkWorld's queries by Wednesday afternoon (March 30).
0 comments:
Post a Comment