Samsung caught selling new computers with a keylogger (update: it was a false positive)

By on March 30, 2011, 5:00 PM
Update: Samsung has issued a statement via its Samsung Tomorrow blog denying that its notebooks are shipping with any kind of keylogger software. It's been concluded that Vipre Antivirus was reporting a false positive on the folder C:WINDOWSSL, which corresponds to the Slovenian language directory for Windows Live. This same directory path is used by the StarLogger keylogger. We apologize for reporting this false information, although the original source had a Samsung technical supervisor confirming that the computers were shipping with logging software for performance monitoring purposes. Samsung has further stated that they launched an internal investigation as soon as the Network World report was brought to their attention. The original story is below.

If you own a computer manufactured by Samsung, you should run a scan with your preferred antivirus software immediately. According to a two-part report published by Network World, researcher Mohamed Hassan discovered that the company's 15.6-inch R525 and R540 notebooks ship with a commercial keylogger.

Called StarLogger, the software launches with Windows and runs in the background, making it tricky to detect without some form of antimalware program. StarLogger can record every keystroke made on the system and it's also capable of taking screenshots. That data is emailed to an address specified by the installer (i.e. Samsung).

After initially denying the claims, Samsung admitted to installing StarLogger on new computers to gather customer usage data -- without consent, mind you. It's unclear exactly what data StarLogger is collecting, but a Samsung supervisor said it's used to "monitor the performance of the machine and to find out how it is being used."


Besides that tidbit, the company has been incredibly quiet about the matter. Network World contacted three Samsung public relations offers for a comment, but none of them replied after a week. Likewise, other publications have sought a response from Samsung, but the company appears to be ignoring emails and phone calls.

In 2005, Sony BMG Music Entertainment sold music CDs with a copy protection scheme that installed rootkit software on computers. Customers were furious when they found out and quickly filed a class-action suit forcing Sony to recall 4.7 million CDs and pay $575 million in damages -- undoubtedly more than it gained by using the DRM.



User Comments: 50

Got something to say? Post a comment
Emin3nce said:

"to find out how the computer is being used?"

So basically when some poor samsung customer is fapping away on his samsung lappy, suddenly samsung have a picture of it? What about when they're browsing facebook? All of a sudden samsung have birthdays, friends names, phone numbers...

**** off samsung.

Nima304 said:

Emin3nce said:

"to find out how the computer is being used?"

So basically when some poor samsung customer is fapping away on his samsung lappy, suddenly samsung have a picture of it? What about when they're browsing facebook? All of a sudden samsung have birthdays, friends names, phone numbers...

**** off samsung.

It's a keylogger; it can only see what you're typing. However, I'm worried about people's online banking accounts and their passwords sitting there in some Samsung database.

Zecias said:

Nima304 said:

Emin3nce said:

"to find out how the computer is being used?"

So basically when some poor samsung customer is fapping away on his samsung lappy, suddenly samsung have a picture of it? What about when they're browsing facebook? All of a sudden samsung have birthdays, friends names, phone numbers...

**** off samsung.

It's a keylogger; it can only see what you're typing. However, I'm worried about people's online banking accounts and their passwords sitting there in some Samsung database.

StarLogger can record every keystroke made on the system and it's also capable of taking screenshots.

read more carefully

chaboi390 said:

wow, i feel abit more insecure by this,

Just think about other manufacturers whos doing the same thing with out our consent.

Abit freaky....

motrin said:

i'm going to reconsider buying Samsung products. i don't care if there not laptops. this is absurd!

gwailo247, TechSpot Chancellor, said:

this makes Sony's rootkit look like a minor nuisance.

i say 2 or 3 billion would be an appropriate reminder for Samsung.

Guest said:

This is why you should immediately format any new computer and install the software yourself. God knows what else these manufacturers put in these machines.

M1r said:

...and I nearly bought a samsung laptop few weeks ago...phew.

ramonsterns said:

These companies think they can pull this bullshit back and forth and pretend it's all fine and dandy like we should be used to it.

**** off, Samsung. And any other company who thinks we're stupid sheep forced to buy their crap.

Guest said:

Oh that's nice. One more company to boycott.

Guest said:

How can you tell if your gaming console is not 'equiped' with a keylogger to snoop on hackers or would be hackers. With all the firmware updates they occasionaly get, it's easy to add one. Plus you can't run anti-malware on a console to find-out.....

---agissi--- ---agissi---, TechSpot Paladin, said:

I have that lappy!! The R540, I havnt had it long. Good thing the hard drive broke from a 2 foot fall off my bed and I installed a new drive.

hellokitty[hk] hellokitty[hk], I'm a TechSpot Evangelist, said:

I wonder if they thought that no one would notice o.o.

EDIT: You know what, I feel that there is no way they thought they could have gotten away with this.

Wonder what they did.

Kibaruk Kibaruk, TechSpot Paladin, said:

I always make clean installs on new notebook/pc/netbook... lets leave it at computer, nothing ever works as good as you want when someone else has put their hands on YOUR computer and you avoid this kind of crap.

Hope Samsung gets their ass sued for so much that they have to sell.

BlueNoser said:

Was contemplating the purchase of a Tab 2 but now, Asus EE Transformer gets my money.

Thanks for the heads up

Win7Dev said:

I've always thought of Samsung as cheap and low quality.... Now I know why. This is one of the stupidest things that they could have done. It would surprise me if a few people were fired in the next week or two. Someone above also made a good point about consoles. There is much less to lose, but still its your privacy being invaded.

AnonymousSurfer AnonymousSurfer said:

They will receive a lot of **** as they should for this.

I think they under thought what keyloggers were generally used for, and not for "Their purpose".

Man oh man are people stupid.

Guest said:

Something doesn't seem right with this story....

The keylogger isn't cleverly hidden and would be picked up by security software, and I also don't think you can take the "confession" of a samsung support supervisor to be gospel truth.

Why hasn't this been found on computers across the world rather than two computers (2) owned by the same person...who also happens to run a security consulting business?

Where is the proof it came from Samsung, or the flipside, Where is the proof he didn't do it, or put on somewhere in the distribution process.

Where are the screenshots showing identical install dates for the OS and the keylogger?

I'm sure more info will come out but this seems very flaky to me.

Guest said:

Guest@09:16 PM "Where is the proof it came from Samsung"

"After initially denying the claims, Samsung admitted to installing StarLogger on new computers..."

That part sounds like a confession.. If they were sure it wasn't their fault, they'd have defended themselves and launched a counter-offensive to prove it was someone else or have launched an internal investigation in case it had been something within the company but not approved of by the company (ie: someone broke the rules). Probably cheaper to admit it and play innocent/naive than to launch investigation or risk independent audit. Just my speculations though, you may have a different perspective..

Guest said:

That does it!! I am a hbig fan of Samsung but now they can go stuff themselves when it comes to pc's. from now on, I wil have much less trust in them, dude you are right, these pc makers really think we are stupid dam anamals!!!! what a disappointment!

Guest said:

aaaand that's why I"m happy that I do clean installs on new computers, kind of a shame, I was really digging their latest series 9 laptops, but stuff like this would keep me from supporting a company that makes stupid fkn decisions...a keylogger, Really?? lolz

Guest said:

Never again will I purchase a Samsung product, TV or anything else. This is criminal.

nismo91 said:

so since keyloggers are pretty much hidden, how do i check for it? running processes? installed programs? or active connections? this is very bad news for Samsung, but they deserve it if they really did it.

-edit: cnet shows how to remove starlogger if you have one.

Guest said:

Formatting new laptops doesn't really help. The keylogger could come with your "chipset driver", your "display driver" or whatever apps the manufacturer is offering you to "increase performance of the system and battery life".

St1ckM4n St1ckM4n said:

^-- Formatting gets rid of this bloatware, and only installs via Windows Update..?

Burty117 Burty117, TechSpot Chancellor, said:

This is why I always buy a new hard drive with every laptop I buy or recommend to a friend, plus I buy a decent spec one as well

To guest saying it could come with a driver package, if that is true then Samsung really are breaking the law but I doubt it is in a driver package.

Kibaruk Kibaruk, TechSpot Paladin, said:

Not only that Burty117 but also the hardware manufacturer and driver supporter would be as well.

Mizzou Mizzou said:

Here's a quick article on ZdNet reporting that this is a false positive [link] . If there really is anything to this, we should know today unless the key logger software was only installed on these two laptops.

yRaz yRaz said:

This is why I will always build my own. When I bought my laptop the first thing I did was format it.

1) no bloatware

2) don't have to worry about this kind of bull.

mosu said:

Samsung is becoming the new Sony...

xempler said:

Their excuse smells fishy to me. Why risk getting sued and paying millions in fines for some marketing data. I think there's more to this story or someone is lying.

Guest said:

please please please tell me there is a class action law suit against these azz clowns.

that is soooooo wrong.

they need to pay.

Guest said:

They should take down this article and apologize for Samsung as it was found out that this was a load of BS.

http://www.engadget.com/2011/03/31/samsung-reportedly-instal
ing-keylogger-software-on-r525-privac/

Guest said:

Read this

http://www.samsungtomorrow.com/1071

(Gullibilty and paranoia still seem alive and well)

Guest said:

@Techspot

Remember - tomorrow - is April Fools Day

Journalism standards ?

ET3D, TechSpot Paladin, said:

I agree. Where did "Samsung admitted to installing StarLogger" come from? I followed this story on several sites, and the only place it got mentioned is here (though it might have been taken from somewhere). Considering that it turns out that StarLogger wasn't installed, I doubt that Samsung admitted to that, so it looks like it's pure libel.

ET3D, TechSpot Paladin, said:

Sorry, my bad. The engadget story does say a company representative admitted to it.

Guest said:

This post requires an update since the findings reported have been proven to be incorrect. There is no need to get all upset with Samsung, and this little mistake (not TechSpot's fault, mind you, but VIPRE's) is costing Samsung some serious PR.

EDO219 said:

hm ... here's what I have found across the web:

- The Samsung representative who "admitted" to the existence of a keylogger was a supervisor of a help desk call center. Perhaps my reason for pointing this out is purely anecdotal evidence, but I have met many help desk supervisors who are woefully misinformed. Furthermore, I find it unlikely that a truly knowledgeable representative of Samsung would admit to such a thing if it were true.

- Mr. Hassan has not described his methodology, that I am aware of. He tested only two Samsung laptops (one R525 and one R540), but which software did he use and when did he use it in respect to first turning on the machines?

- Why hasn't Mr. Hassan addressed Samsung's claim that his findings were a false positive incurred by a Windows Live folder (SL) for the Slovene language?

- Others have attempted to replicate Mr Hassan's findings, yet I have seen none which have found StarLogger on any model of Samsung laptop.

nismo91 said:

[link]

VIPRE team apologizes for the false positive, what a shame. kudos back to Samsung.

matrix86 matrix86 said:

Yes Techspot, y'all do need to do an update article. I'm sure there are many who have read your article and turned away from Samsung, but have not read the comments here showing that there wasn't a keylogger installed.

nismo91 posted a link to VIPRE's apology, but i'll do it again:

[link]

And from another site:

[link]

BrianUMR said:

Yeah techspot you should really do a better article update and change the title of the article.

Zilpha Zilpha said:

I agree - I forwarded this article around the office already and a title change is in order - not just an (update) addendum. It's incredibly misleading (the update really could mean anything).

EDO219 said:

haha Come on now, you can't just add "(update)" to an article's title that is still an unknown at best! Making this article's title into a question would suffice. For example, add the word "Was" at the beginning and a question mark at the end.

Imagine for a moment how the current title would appear if it were describing a different crime. haha

"Barack Obama caught stealing candy from a baby (update)"

matrix86 matrix86 said:

Yeah, adding "update: it was false positive" is kind of a lazy way out. You guys are here to educate us. People need to know what went on, what went wrong. I know some of us posted links to articles but it's not realy our job. I'm not meaning to tell you guys how to do your job, i just want to make sure Techspot stays a reliable source of news. I love the site and i love the articles, but this is not the way to do a proper update...just sayin. It's not a good way to keep subscribers.

Sorry to be so forward, but as a heavy techspot user, i want to be sure i'm getting current, accurate, and up to date info. And i want to be sure i'm getting the whole story, even if that includes you linking me to another article. I may not like that you're doing that, but at least i'm gerting the full story.

And now i step off of my soap box, lol.

gwailo247, TechSpot Chancellor, said:

matrix86 said:

Yeah, adding "update: it was false positive" is kind of a lazy way out. You guys are here to educate us. People need to know what went on, what went wrong. I know some of us posted links to articles but it's not realy our job. I'm not meaning to tell you guys how to do your job, i just want to make sure Techspot stays a reliable source of news. I love the site and i love the articles, but this is not the way to do a proper update...just sayin. It's not a good way to keep subscribers.

Sorry to be so forward, but as a heavy techspot user, i want to be sure i'm getting current, accurate, and up to date info. And i want to be sure i'm getting the whole story, even if that includes you linking me to another article. I may not like that you're doing that, but at least i'm gerting the full story.

And now i step off of my soap box, lol.

+1, this deserved a new article, pretty big news considering the initial comments.

Guest said:

It is disturbing to see how gullible people are. The initial reaction to this is typical of mob violence launched against innocent people based on a rumor. People really need to think things through and look for possible explanations of reports like this before circling the wagons.

Win7Dev said:

Ooops....

I guess someone jumped the gun a little on this one.

Guest said:

HAHAHA....the gullible ones are the people who wrote "I'll never buy Samsung products again!"

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.