Samsung Plants Keyloggers On Laptops

Saint Aardvark writes "Mohammed Hassan writes in Network World that he found a keylogger program installed on his brand-new laptop — not once, but twice. After initial denials, Samsung has admitted they did this, saying it was to 'monitor the performance of the machine and to find out how it is being used.' As Hassan says, 'In other words, Samsung wanted to gather usage data without obtaining consent from laptop owners.' Three PR officers from Samsung have so far refused comment."

Not once, but twice

[HomelessInLaJolla]

The public exposure of this software keylogger which could be somewhat easily discovered by a general user is the decoy for the hundreds and thousands of idiosyncratic hardware exploits which are available on nearly all systems.

Those who designed the room sized adding machines knew the exploits and limitations of those. When room sized adding machines became room sized programmatic machines those who oversaw the development and migration knew the limitations and exploits of those. When room sized programmatic machines began to approach table sized microcomputers those who oversaw the development and migration knew the limitations and exploits of those. When table sized microcomputers developed external storage devices then those who oversaw the development and integration knew the limitations and exploits in those.

The obvious has escaped the notice of the overall computing community.

Re:WTF?

[Just because I'm an]

I often wondered whether as with food where there is a legal requirement to list the ingredients there should be a similar requirement for PC vendors to list all the bloat/crap/ad-ware they include on their products. Of course people may still not know what they're in for but at least there's a chance you can stop yourself getting affected by a keylogger if you bothered to check it was there. Also if this was a legal requirement then a failure to disclose its presence would lead to a relatively strightforward penalty. I know most of the readers here would probably install the system themselves and likely not even Windows but for the bulk of the consumers it might be useful to at least know what's coming and be able to make a choice *before* the purchase is made.
-

I'd like to see Samsung get into big trouble over this because it is inherently wrong, at least that's my position, but I am less sure if they have broken any actual laws. Maybe some digital eavesdropping provisions that are only allowed to be done by governments have been breached but I can see Samsung weaselling out of that one. There's probably a disclaimer in 5point font 100 pages into the agreement that the buyer agrees to by opening the box.... of course that's wrong too. Oh where to start...

Re:Only one case?

[cobrausn]

I was actually wondering the same thing myself. The article links to another discussion [sunbeltsoftware.com] where a user's root kit scan caused a 'total freeze' on a samsung netbook, but this seems like something that needs verification before we grab the torches and pitchforks.

Re:WTF?

[lgw]

Sony paid over half a billion to settle their FTC lawsuit, and who knows how muchmore for other lawsuits. And that was the little stuff. Because Sony's rootkit made it onto many government-owned computers, the DoJ got pissed with them , and basically said "we're giving you the benefit of the doubt this once that you didn't intend to extract sensitive information from government computers, but keep in mind that penalties for doing so could include a ban on sales of all Sony products in America, and siezure of all Sony assets in America". You'd think that would get everyone's attention.

Re:WTF?

[lgw]

If you make a habit of punishing "the CEO", then "the CEO" will be a fall guy hired by whoever actually runs the company. Sony's rootkit got Sony threatened with ending the presence of Sony in America - while America may let corporations slide on many issues, actual espianage involving a foreign corporation and sensitive government data won't be ignored.

Samsung should be very thankful that the US Government in general avoids foreign-built computers out of a strange fear that there might be keyloggoers or similar installed on them at the factory: an idea that many /.ers once dismissed as crazy paranoia, back when Thinkpad shifted to Lenovo.

Re:WTF?

[Coeurderoy]

There was a title for this in germany before WW1 it was called the
- Sitz DIrector (or Redactor for a news paper) Sitting Director
They has also the "früshtuck director" Breakfast Director

THe first one is the one supposed to go to jail in case of problems, and the second one is usually an aristocrat with a nice title he takes the VIP to breakfast and other "meetings", so the real directors do not need to loose time...

But somehow the IRS equivalent tends to think that whoum ever is making the most money in the company is the one that should go to jail....
(not that it happens very often unfortunatelly)...

So basically you should investigate the money trail and this gives you the "effective CEO" and that person should be the one sued...

About the security of foreing built computers this is b**t ALL computers a build by an handfull of ODM in china, if the US government is not basically trashing the preinstalled software of any sensitive machine to install their own their clueless...

And since they know how easy it was for them to stop various categories of foreing computers they cannot really ignore this...

So buying US computer is purelly lobbying and nationalism...

Monitor performance?

[parlancex]

Installing a keylogger that also does screen captures to "monitor the performance" of their laptops would be like a homebuilder installing secret video cameras all over your house that relay the pictures back to him telling you he needs to "monitor the performance" of the house.

Re:WTF?

[lgw]

That bit of German history is very cool, thaks.

If the final assembly and sale of a laptop is done in the US by a US company, then the government can hold the company responsible for making sure there are no rootkits, in software, firmware, or BIOS. And that is one case in which not just the CEO, but any engineer knowingly involved in espianage, would go to jail for a very long time. They can't hold a foreign company similarly responsible (though they could ban the company from America and sieze all its American assets, which sounds to me like enough of a threat).

Re:WTF?

[number11]

If you make a habit of punishing "the CEO", then "the CEO" will be a fall guy hired by whoever actually runs the company.

True. What needs to be done is, find the corporation guilty, and give it 30 days. Now, 30 days in the slammer is only a slap on the wrist, as punishments go. And of course, you can't actually put the corporation in the local jail, but you can put it under "house arrest". Send the marshalls around to padlock their premises, and freeze their bank accounts for 30 days.

The economic consequences to the corporation would be vastly greater than any fine that could be levied. But nobody worries about other criminals who won't be able to meet their financial commitments if they do a stretch in the workhouse, so why should we worry about that when it's a corporate "person"?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:WTF?

[number11]

How many innocent investors and employees are you willing to punish for the malicious actions of a few?

They don't get "punished". Criminal behavior often hurts innocent bystanders, are you saying that somebody with a spouse and three kids should be exempt from jail because to jail them would hurt their dependents? Hell, the investors will be hurt if the corporation makes a marketing blunder, why not if the corporation commits a crime? Yes, it's unfortunate. Maybe we should give the investors and employees standing to sue the corporation for any damages they suffer.

What if the company provides a vital service to its customers?

What if I provide a vital service to my customers? Does that mean I should be exempt from jail?

Re:WTF?

[bill_mcgonigle]

These are good arguments for why big corporations are unmanageable. Too big to fail, too big to punish, too big to hold accountable.

Perhaps we should stop allowing the the government to protect these giant corporations.