This story was updated at 9:00 a.m. EDT on Thursday, March 31, with evidence that this may be a result of a "false positive" identification by antivirus software.
The South Korean electronics giant Samsung may be spying on its own customers, using a program pre-installed on laptops that secretly monitors every keystroke.
In a guest posting on NetworkWorld, Toronto security researcher Mohammed Hassan described how he found keylogging software on a brand-new Samsung laptop he bought last month. He deleted it and continued to use the laptop, until it developed other problems.
Hassan returned it to the retailer and came home with a slightly better Samsung model — which also turned out to have the keylogging software.
He called Samsung telephone support, and after some buck-passing, finally spoke to a supervisor, who first tried to blame it on Microsoft.
Told that didn’t make sense, the supervisor then admitted to Hassan that the software is there to "monitor the performance of the machine and to find out how it is being used."
The software was a commercial product called StarLogger, which its maker says is “completely undetectable and starts up whenever your computer starts up.”
It also captures screenshots at predetermined intervals. Both the keystrokes and the screenshots can be secretly emailed to designated addresses.
Hassan says there was no notification that his keystrokes were being logged.
But it seems that Samsung may not have been trying very hard to conceal StarLogger. The software was hiding in plain sight at the file path “c:\windows\SL\”.
If Hassan's story is true, then Samsung’s behavior is probably illegal, and definitely unethical. As Hassan puts it, “the issue has legal, ethical, and privacy implications for both the businesses and individuals who may purchase and use Samsung laptops.”
Five years ago, the Sony BMG music company was found to be illegally inserting malware on music CDs that would install “rootkits” into Windows laptops to prevent them from “ripping” MP3 files. Sony BMG eventually paid $575 million in fines and payouts connected with multiple lawsuits.
To anyone who’s recently purchased a Samsung laptop, make sure you scan it thoroughly with antivirus software, and also search its Windows folder for a directory called “SL.”
UPDATE:
A Samsung representative told IDG News Service, an affiliate of NetworkWorld, that Samsung was looking into the allegations.
"We take these claims very, very seriously," spokesman Jason Redmond told IDG. "We have no prior knowledge of this software being on our laptops."
Finnish security company F-Secure has concluded this is a case of a "false positive," when antivirus software flags innocuous software as malware.
"The whole saga was caused by a false alarm of the VIPRE Antivirus product," wrote security expert Mikko Hypponen. "Apparently VIPRE detects the StarLogger keylogger by searching for the existence of a directory called 'SL' in the root of the Windows directory. This is a bad idea."
Hypponen said Hassan had overreacted and should have checked the contents of the SL directory — which Hassan did in fact say he had.
A posting on what claimed to be a Samsung-affiliated website said the "SL" folder was a Slovene language pack. The Financial Times said a Samsung representative had given them a similar statement denying the company had installed spyware.