Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Privacy Android Portables Security

Samsung Plants Keyloggers On Laptops 515

Saint Aardvark writes "Mohammed Hassan writes in Network World that he found a keylogger program installed on his brand-new laptop — not once, but twice. After initial denials, Samsung has admitted they did this, saying it was to 'monitor the performance of the machine and to find out how it is being used.' As Hassan says, 'In other words, Samsung wanted to gather usage data without obtaining consent from laptop owners.' Three PR officers from Samsung have so far refused comment."
This discussion has been archived. No new comments can be posted.

Samsung Plants Keyloggers On Laptops

Comments Filter:
  • WTF? (Score:5, Insightful)

    by Anonymous Coward on Wednesday March 30, 2011 @06:18PM (#35671970)

    Worst idea since Sony's rootkit. They should be prosecuted over crap like this.

    • Re:WTF? (Score:5, Informative)

      by FlatEric521 ( 1164027 ) on Wednesday March 30, 2011 @06:26PM (#35672048)

      They should be prosecuted over crap like this.

      They will be. Sony got hit with tons of lawsuits, and they weren't using software that could steal your password. This just took corporate big brother behavior to a whole new level of invasive.

      • Re:WTF? (Score:4, Interesting)

        by lgw ( 121541 ) on Wednesday March 30, 2011 @06:51PM (#35672314) Journal

        Sony paid over half a billion to settle their FTC lawsuit, and who knows how muchmore for other lawsuits. And that was the little stuff. Because Sony's rootkit made it onto many government-owned computers, the DoJ got pissed with them , and basically said "we're giving you the benefit of the doubt this once that you didn't intend to extract sensitive information from government computers, but keep in mind that penalties for doing so could include a ban on sales of all Sony products in America, and siezure of all Sony assets in America". You'd think that would get everyone's attention.

        • Re:WTF? (Score:5, Informative)

          by Anubis IV ( 1279820 ) on Thursday March 31, 2011 @12:37AM (#35674798)

          Wow. [citation needed] much? Let's go down the list, shall we?

          1) Not only can I find no evidence of a $500M figure ever having existed before your comment, but if they had made a settlement for a half billion dollars, Sony wouldn't exist today. Their operating income last year was just $342M (source [sony.net]). Fat chance that Sony could survive a $500M settlement hit. By all indications (i.e. because it's not mentioned in their annual filings from that year and there are no followup stories to be found), this did not impact their bottom line in any sort of meaningful way.

          2) As for what the settlement actually was, they paid up to $150-175 per customer that damaged their PC in an attempt to remove the rootkit (see here [cnet.com]), plus $5.75M in settlements to various states (source [pcworld.com]). That's it. It probably cost them less than $10M to settle the whole thing.

          3) For a quick example of a company that can take a hit like the one you talked about, we all remember the Microsoft EU antitrust case from a few years back, right? The one regarding media players, where they were fined roughly $600M, and had followup fines of roughly $250M and $1.44B, all of which were extensively covered in the news since they were, at the time, the largest fines ever handed down by the EU (more info [wikipedia.org]). But Microsoft was able to absorb the hit. Of course, they could do that since their operating income last year was about $24B (source [sec.gov]), which is roughly 70x that of Sony's.

          4) As for your DOJ claims, I can't find anything about government computers being infected (though I wouldn't doubt it) or the DOJ being involved at all. In fact, they never got involved [mp3newswire.net], despite the public outcry and requests that a criminal investigation be launched.

          Aside from government computers getting infected, is anything you said true, or are you just routinely off by a few orders of magnitude when quoting figures, as well as prone to making up stories that have little basis in fact?

          • Of course, it occurs to me now (always after I hit the Submit button, of course) that maybe you meant yen for your figure. If that were the case, your estimate is pretty close. Hmm...

    • Probably worse idea, since, IIRC the Sony rootkit didn't collect all of the data that this keylogger could. Whatever the case is though, still an extremely douchey move, Samsung, and hopefully one they'll be sued to hell over.

    • Re:WTF? (Score:5, Insightful)

      by spun ( 1352 ) <loverevolutionary.yahoo@com> on Wednesday March 30, 2011 @06:27PM (#35672058) Journal

      Worse than Sony's rootkit. Both programs attempt to do something to your property without your consent, but only this one also takes the opportunity to spy on you. They won't be prosecuted, though. At the very worst, some sacrificial lamb from marketing will be fired. American corporate CEOs are above the law.

      • Re:WTF? (Score:5, Informative)

        by Missing.Matter ( 1845576 ) on Wednesday March 30, 2011 @06:32PM (#35672120)
        Samsung's CEO is Korean. Samsung is Korean company, you know.
        • Re: (Score:2, Insightful)

          by Anonymous Coward

          Shh, it's better to trash "American CEO's" and "American Coporations" Stop with your facts

          • "Facts are stupid things" - Ronald Reagan during a speech at a convention

            Perhaps some of these PC vendors think that people are so used to malware that a little more doesn't matter?

      • Re:WTF? (Score:5, Interesting)

        by lgw ( 121541 ) on Wednesday March 30, 2011 @06:59PM (#35672380) Journal

        If you make a habit of punishing "the CEO", then "the CEO" will be a fall guy hired by whoever actually runs the company. Sony's rootkit got Sony threatened with ending the presence of Sony in America - while America may let corporations slide on many issues, actual espianage involving a foreign corporation and sensitive government data won't be ignored.

        Samsung should be very thankful that the US Government in general avoids foreign-built computers out of a strange fear that there might be keyloggoers or similar installed on them at the factory: an idea that many /.ers once dismissed as crazy paranoia, back when Thinkpad shifted to Lenovo.

        • Re:WTF? (Score:5, Interesting)

          by Coeurderoy ( 717228 ) on Wednesday March 30, 2011 @07:31PM (#35672712)

          There was a title for this in germany before WW1 it was called the
          - Sitz DIrector (or Redactor for a news paper) Sitting Director
          They has also the "früshtuck director" Breakfast Director

          THe first one is the one supposed to go to jail in case of problems, and the second one is usually an aristocrat with a nice title he takes the VIP to breakfast and other "meetings", so the real directors do not need to loose time...

          But somehow the IRS equivalent tends to think that whoum ever is making the most money in the company is the one that should go to jail....
          (not that it happens very often unfortunatelly)...

          So basically you should investigate the money trail and this gives you the "effective CEO" and that person should be the one sued...

          About the security of foreing built computers this is b**t ALL computers a build by an handfull of ODM in china, if the US government is not basically trashing the preinstalled software of any sensitive machine to install their own their clueless...

          And since they know how easy it was for them to stop various categories of foreing computers they cannot really ignore this...

          So buying US computer is purelly lobbying and nationalism...

          • Re:WTF? (Score:5, Interesting)

            by lgw ( 121541 ) on Wednesday March 30, 2011 @07:39PM (#35672796) Journal

            That bit of German history is very cool, thaks.

            If the final assembly and sale of a laptop is done in the US by a US company, then the government can hold the company responsible for making sure there are no rootkits, in software, firmware, or BIOS. And that is one case in which not just the CEO, but any engineer knowingly involved in espianage, would go to jail for a very long time. They can't hold a foreign company similarly responsible (though they could ban the company from America and sieze all its American assets, which sounds to me like enough of a threat).

        • by PCM2 ( 4486 )

          the US Government in general avoids foreign-built computers out of a strange fear that there might be keyloggoers or similar installed on them at the factory: an idea that many /.ers once dismissed as crazy paranoia, back when Thinkpad shifted to Lenovo.

          Thinkpads were being built by Lenovo long before they carried Lenovo's branding on them.

        • Re:WTF? (Score:5, Interesting)

          by number11 ( 129686 ) on Wednesday March 30, 2011 @07:39PM (#35672800)

          If you make a habit of punishing "the CEO", then "the CEO" will be a fall guy hired by whoever actually runs the company.

          True. What needs to be done is, find the corporation guilty, and give it 30 days. Now, 30 days in the slammer is only a slap on the wrist, as punishments go. And of course, you can't actually put the corporation in the local jail, but you can put it under "house arrest". Send the marshalls around to padlock their premises, and freeze their bank accounts for 30 days.

          The economic consequences to the corporation would be vastly greater than any fine that could be levied. But nobody worries about other criminals who won't be able to meet their financial commitments if they do a stretch in the workhouse, so why should we worry about that when it's a corporate "person"?

          • Congratulations, you've just made everyone who works at that corporation, everyone who depends on that corporation's product, everyone who owns stock in that corporation, a willing, an *enthusiastic* accomplice to whatever crimes they may commit. Because they sure as hell won't want the corporation to ever be convicted of it.

            • Re:WTF? (Score:5, Insightful)

              by Pharmboy ( 216950 ) on Wednesday March 30, 2011 @09:33PM (#35673666) Journal

              That isn't a bad thing. It means the company will have trouble attracting quality talent unless it develops a system and policy to NOT do things like install root kits on computers. If you work for a company that does bad things, and you pay a price, you might want to go work somewhere else, or risk paying that price.

              Is it "fair" to all the low level employees? Maybe not, but it will be effective in protecting the general public, which means it is worth the price, since it creates an incentive for companies to NOT be asshats and install root kits on devices.

              What is fair is that companies (and shareholders) pay a price for breaking the law. This is the only way you can pressure stockholders and employees to pressure their management to do business in a fair and honest way, by having a "price" for not doing so.

    • Welcome to my shitlist, Samsung. I believe you already know Sony. I'm not sure if you've met Belkin. I'm sure you'll all become friends.

      • What's Belkin's deal?

    • Yes they should. This is why I wipe machines when I get them (with Linux these days as I'm not impressed with the information that a default Windows install phones home with). Is it going to take jail terms before these companies realize that the machines and software we're buying are ours, not theirs to do with as they please?
    • Re:WTF? (Score:4, Interesting)

      by Just because I'm an ( 847583 ) on Wednesday March 30, 2011 @06:35PM (#35672144)
      I often wondered whether as with food where there is a legal requirement to list the ingredients there should be a similar requirement for PC vendors to list all the bloat/crap/ad-ware they include on their products. Of course people may still not know what they're in for but at least there's a chance you can stop yourself getting affected by a keylogger if you bothered to check it was there. Also if this was a legal requirement then a failure to disclose its presence would lead to a relatively strightforward penalty. I know most of the readers here would probably install the system themselves and likely not even Windows but for the bulk of the consumers it might be useful to at least know what's coming and be able to make a choice *before* the purchase is made.

      I'd like to see Samsung get into big trouble over this because it is inherently wrong, at least that's my position, but I am less sure if they have broken any actual laws. Maybe some digital eavesdropping provisions that are only allowed to be done by governments have been breached but I can see Samsung weaselling out of that one. There's probably a disclaimer in 5point font 100 pages into the agreement that the buyer agrees to by opening the box.... of course that's wrong too. Oh where to start...

      • I often wondered whether as with food where there is a legal requirement to list the ingredients there should be a similar requirement for PC vendors to list all the bloat/crap/ad-ware they include on their products. Of course people may still not know what they're in for but at least there's a chance you can stop yourself getting affected by a keylogger if you bothered to check it was there.

        Unfortunately, that wouldn't fix the problem. Just as they're now lobbying for the right to pass of HFCS as "corn su

    • Whoever approved this needs some jail time. Merely a fine for the "corporate person" guilty of this would just mean this sort of thing will continue if there's a chance of profitability.
      • by lgw ( 121541 )

        For people there is jail time, but for corporations there is "gross negligence". I hope it's not the same /.ers calling for criminal law for corporations and complaining about McDonalds being fined to much for serving cofee at a needlessly dangerous temperature.

        The "chance of profitability" is a very legitimate concern, and is countered in law by extreme fines when a company crosses a line that would be criminal if a person did it. According to TFA, Sony paid $575 million to settle just one of the lawsuit

  • Boycott (Score:5, Insightful)

    by Lead Butthead ( 321013 ) on Wednesday March 30, 2011 @06:27PM (#35672068) Journal

    Let them know their behavior isn't appropriate. Don't buy their product, and let everyone you know why you don't recommend buying their product.

    • They just lost two customers here, probably for life. My wife's not particularly tech-savvy, but she just saw the post over my shoulder and there's no way she'd buy a Samsung now. And I'll definitely pay extra (if necessary) to know I'm not being monitored with a keylogger. So the price is immaterial...I don't think either of us would take a Samsung computer of any sort for free at this point. (I know I could theoretically wipe it and start fresh, but if it's the manufacturer doing it, who knows what ki
    • A boycott is incredibly inadequate. The computers have already sold. The market didn't have this information at time of sale. And it doesn't have this information about any other product.

      The answer is criminal charges for wiretapping, amplified by the number of units shipped. Throw the CEO and their corporate council in jail, and I suspect it won't happen again.

      • Criminal charges where? Korea?
      • There's no need to choose between boycotting the manufacturer and criminal prosecution. Both are available to all of us and both should be used.

        "The computers have already sold" makes it sound like future sales with keyloggers are impossible. Samsung is not the only organization who can do this either.

    • Samsung:

      Net income US$ 13.8 billion (2009)

      Unless you know a few billion people, its not really going to work.

      • by node 3 ( 115640 )

        Yeah, I think it might be difficult to get a few billion Americans to join in on a boycott...

  • by Anonymous Coward on Wednesday March 30, 2011 @06:30PM (#35672098)

    I had a longer comment, but my machine crashed before I was able to submit. Just read it back at http://logger.samsung.com/mhassan/20110330log.txt

  • Only one case? (Score:5, Insightful)

    by demonbug ( 309515 ) on Wednesday March 30, 2011 @06:32PM (#35672118) Journal

    A quick search didn't turn up any other reports of this besides discussion pointing back to the linked Network World article. Considering it seems very easy to detect (an SL folder in the main windows directory, accompanied by an automatic uninstall program?) it seems like people wouldn't have any trouble finding it if it is there. Anyone have any confirmation? Anyone besides Mr. Hassan finding this on their new Samsung?

    • Re:Only one case? (Score:4, Informative)

      by echucker ( 570962 ) on Wednesday March 30, 2011 @06:38PM (#35672166) Homepage
      Some of the comments on the article reach the same conclusion. One even suggests it was someone at the store where they were purchased that installed the logger. Problem is, Samsung's tech support guy already admitted to it.
    • Re:Only one case? (Score:5, Interesting)

      by cobrausn ( 1915176 ) on Wednesday March 30, 2011 @06:38PM (#35672172)
      I was actually wondering the same thing myself. The article links to another discussion [sunbeltsoftware.com] where a user's root kit scan caused a 'total freeze' on a samsung netbook, but this seems like something that needs verification before we grab the torches and pitchforks.
      • If only this could get posted to a forum full of thousands of angry nerds. Oh wait! Slashdot: get on this, please.

    • by mgiuca ( 1040724 )

      Yes I'd like to see something a bit more scientific than "I bought two, and after setting it up they both had this program." Firstly, a scientific approach would take a byte-for-byte image of the hard drive before booting the machine even one time. That means you can investigate exactly the state of the machine as it arrived. Who knows? Maybe he was unlucky and using a dodgy network and someone on his network was injecting the software onto his machine some time after bootup?

      Secondly, I'd like to see a pack

  • Is Samsung now a NORTH Korean company?
  • i looked at the date... March 31st. so close.

    so now i'm not sure whether to believe this or not.

    i'm'a gonna watch and see if anybody else in the world of Samsung laptops finds the same thing. i'm sure many are searching for it now.

    • If this is a joke, it is begging for a libel suit. I mean, financial damages much? And it's not very funny. I'm waiting for confirmation, but it doesn't look good.

  • I get the feeling that my disabling all those update services that my HP and Toshiba laptops are bundled with can be justified better now. It's not just a performance issue anymore, but a security one. How much longer till others come forward and admit they've been doing the same?

    I've never fresh installed a new laptop on purchase day unless other than for business purposes, but this is getting scary.

    • I get the feeling that my disabling all those update services that my HP and Toshiba laptops are bundled with can be justified better now.

      You need a justification for configuring your own computer the way you like it?

  • Maybe the laptop the BP lost with personal information from thousands of people who've filed claims related to the Deepwater Horizon disaster was a Samsung. Just wait for someone to connect it to the internet.... voila. See? It's a FEATURE.
  • any other sources on this, it seems an incredibly stupid thing to do for a non-microsoft company.

  • by pmc ( 40532 ) on Wednesday March 30, 2011 @07:13PM (#35672540) Homepage

    OK - we have a keylogger that is plainly visible in the windows directory on his machine and.... that's it. Where is the rest of the evidence? It phones home - I presume he has wireshark traces in the acticle with IP addresses that are owned by Samsung.... Nope. Any network traces showing the activity? .... Nope. Naturally he bought another laptop and, without attaching it to any network, discovered the same keylogger.... Nope. Now he has announced this lots of people have looked at their Samsung laptops and found the keylogger... Nope.

    But wait - he has the admission of the company itself! Well, actually, a junior helpdesk driod who probably had no idea what he was actually talking about and was just agreeing with him to get him off the phone. Because the alternative is that every junior helpdesk droid in Samsung knows about the highly illegal secret keylogger that is install on every laptop, but none of them thought "I'm tired of being a helpdesk droid, I think a class action suit is a better way of making a living".

    There is also nonsense statements - "the keylogger is completely undetectable": Really? Apart from the c:/windows/SL directory, the entries in the registry and everything else that will make any sensible AV product go beserk that is.

    • by John Saffran ( 1763678 ) on Wednesday March 30, 2011 @08:20PM (#35673170)
      Agree with your scepticism .. While the author seems to have good security qualifications, they're mostly non-technical or managerial level and the articles are awfully devoid of details and I'm concerned that he starts with attempts to equate his accusations with the Sony incident before even providing his evidence .. it sounds like he's experiencing confirmation bias.

      If this is part of the standard install it should be easy to duplicate and with the publicity this is sure to generate it's likely to be attempted.. personally I'll wait for a technical person to comment on this and more importantly provide the details rather than "After an in-depth analysis of the laptop, my conclusion was that this software was installed by the manufacturer, Samsung" (that's not good enough imho).
    • Exactly. How is it undetectable if an antivirus detects it? And the guy's rationale for it not being a false positive is "it's never failed me before"? As many users below have pointed out, the story is false: http://samsungtomorrow.tistory.com/m/1071 [tistory.com] It was a false positive with a language pack that came with windows.
  • Monitor performance? (Score:4, Interesting)

    by parlancex ( 1322105 ) on Wednesday March 30, 2011 @07:35PM (#35672752)
    Installing a keylogger that also does screen captures to "monitor the performance" of their laptops would be like a homebuilder installing secret video cameras all over your house that relay the pictures back to him telling you he needs to "monitor the performance" of the house.
  • by pclminion ( 145572 ) on Wednesday March 30, 2011 @09:32PM (#35673654)

    I mean, literally, unbelievable. I do not believe it. And anyone else who believes it without some proof apart from what this dude says, is a god damned moron. Apparently that's most of the people in this thread.

    (The fact that someone at Samsung seems to have "confirmed" it just means that someone got hold of an idiot somewhere and he said some stupid crap, probably without even understanding what he was saying.)

  • it's all a lie. (Score:5, Informative)

    by herojig ( 1625143 ) on Thursday March 31, 2011 @02:25AM (#35675232) Homepage
    See http://www.samsungtomorrow.com/1071 [samsungtomorrow.com], from RTFA link.
  • Utter bullshit (Score:5, Informative)

    by igorthefiend ( 831721 ) on Thursday March 31, 2011 @07:35AM (#35676480)

    False positive from a rarely used AV package - detects the same thing in an empty folder on a clean machine.
    http://www.f-secure.com/weblog/archives/00002133.html [f-secure.com]

Money can't buy love, but it improves your bargaining position. -- Christopher Marlowe