Samsung Plants Keyloggers On Laptops 515
Saint Aardvark writes "Mohammed Hassan writes in Network World that he found a keylogger program installed on his brand-new laptop — not once, but twice. After initial denials, Samsung has admitted they did this, saying it was to 'monitor the performance of the machine and to find out how it is being used.' As Hassan says, 'In other words, Samsung wanted to gather usage data without obtaining consent from laptop owners.' Three PR officers from Samsung have so far refused comment."
Re:WTF? (Score:5, Informative)
They should be prosecuted over crap like this.
They will be. Sony got hit with tons of lawsuits, and they weren't using software that could steal your password. This just took corporate big brother behavior to a whole new level of invasive.
Yet another example (Score:1, Informative)
Re:Without obtaining consent? (Score:5, Informative)
They can put anything they darn well please into the EULA, it doesn't guarantee it to be binding or legally enforceable.
They could sneak a line in somewhere in the middle of page 28 of 45 that says by using this software you're required to send them a check for $500. It would be very hard to enforce.
The practice of installing hidden software like that already has been condemned by the FTC. (from TFA: In the words of the of former FTC chairman Deborah Platt Majoras, "Installations of secret software that create security risks are intrusive and unlawful." (FTC, 2007).) So they're probably going to get hammered on this. And rightfully so.
Usually when their legal department refuses to reply when you're requesting comments before someone goes public, it's because they're busy batoning down the hatches and polishing up their resumes.
Re:WTF? (Score:5, Informative)
Re:Only one case? (Score:4, Informative)
Re:Not once, but twice (Score:3, Informative)
He's saying this is this is lame. the real shiza is in the chip.
Re:WTF? (Score:2, Informative)
Sony America and Samsung America are actually separate financial entities. They can be sued in one area and not another for example they can be sued in the U.S. but the same suit may not apply to the EU.
I wonder if they are doing this with their phones also?
Samsung and Sprint do this with Android phones too (Score:5, Informative)
Re:WTF? (Score:3, Informative)
Umm, yea.
http://en.wikipedia.org/wiki/Bernard_Madoff [wikipedia.org]
http://www.bloomberg.com/news/2011-03-30/ex-taylor-bean-official-ragland-to-enter-plea-in-1-9-billion-fraud-case.html [bloomberg.com]
And this dude is in court right now
http://en.wikipedia.org/wiki/Raj_Rajaratnam [wikipedia.org]
Theres alot of cases going on, have ended in pleas if you just google.
Re:WTF? (Score:5, Informative)
Oh please. Take it from me -- I work for an "American Company" that is completely owned by a Japanese company and is completely run by employees of that same Japanese company. It's a lie. It's a huge lie. It's a lie on the scale of saying "santa claus is real." It's clearly and obviously not the truth.
Re:And we do this how? (Score:3, Informative)
Re:WTF? (Score:3, Informative)
Yes they should, it is a felony after all.
Technically it isn't. It is a felony to gain unauthorized access to someone else's computer, but there is no law against installing this sort of software before the computer is sold.
A car analogy: I can't break into your car to install a GPS tracking device, but many new car manufacturers install devices with similar functions at the factory, eg. GM's ONSTAR system.
Re:WTF? (Score:5, Informative)
Wow. [citation needed] much? Let's go down the list, shall we?
1) Not only can I find no evidence of a $500M figure ever having existed before your comment, but if they had made a settlement for a half billion dollars, Sony wouldn't exist today. Their operating income last year was just $342M (source [sony.net]). Fat chance that Sony could survive a $500M settlement hit. By all indications (i.e. because it's not mentioned in their annual filings from that year and there are no followup stories to be found), this did not impact their bottom line in any sort of meaningful way.
2) As for what the settlement actually was, they paid up to $150-175 per customer that damaged their PC in an attempt to remove the rootkit (see here [cnet.com]), plus $5.75M in settlements to various states (source [pcworld.com]). That's it. It probably cost them less than $10M to settle the whole thing.
3) For a quick example of a company that can take a hit like the one you talked about, we all remember the Microsoft EU antitrust case from a few years back, right? The one regarding media players, where they were fined roughly $600M, and had followup fines of roughly $250M and $1.44B, all of which were extensively covered in the news since they were, at the time, the largest fines ever handed down by the EU (more info [wikipedia.org]). But Microsoft was able to absorb the hit. Of course, they could do that since their operating income last year was about $24B (source [sec.gov]), which is roughly 70x that of Sony's.
4) As for your DOJ claims, I can't find anything about government computers being infected (though I wouldn't doubt it) or the DOJ being involved at all. In fact, they never got involved [mp3newswire.net], despite the public outcry and requests that a criminal investigation be launched.
Aside from government computers getting infected, is anything you said true, or are you just routinely off by a few orders of magnitude when quoting figures, as well as prone to making up stories that have little basis in fact?
Samsung's official? response in Korea (Score:2, Informative)
saw this posted on samsung blog.
http://samsungtomorrow.com/1070
What they are saying is that the user was using security program called Vipre which reports \SL folder (slovenian language) created by Microsoft Live app as keylogger.
it's all a lie. (Score:5, Informative)
Utter bullshit (Score:5, Informative)
False positive from a rarely used AV package - detects the same thing in an empty folder on a clean machine.
http://www.f-secure.com/weblog/archives/00002133.html [f-secure.com]