Hearkening back to the Sony Rootkit brouhaha from a few years ago, a security researcher is claiming in a Network World article that he detected factory-installed keyloggers in two brand new Samsung Laptops. Samsung has made no official response, but a tech support supervisor contacted by the author said that the keystroke logging software was installed by Samsung to “monitor the performance of the machine and to find out how it is being used.”
Wrong link for “factory-installed keyloggers”
Fixed. Thanks!
Wow! This goes along with my will to always sweep the original OS from ANY Desktop I own.
Exactly. Right now I’m doing a clean install of stock Windows 7 on a new computer I just unwrapped. I do it every time. Just say no to bloatware!
Definitely agree with you. I’ve done that for years with laptops, though I never have to worry about that with my desktops since they’re always self-built. It’s usually easier to do a wipe than it is to try to disinfect the machine of the factory bloatware. What exactly do they get out of putting all that crap on there anyway? I doubt it brings the cost of the machines down as most manufacturers claim it does. It’s probably just a bit of extra money for them, but does anyone know what the reason is for sure? Some of that bloatware can be more annoying than some malware… and, as we’ve seen here, it can even *be* malware itself.
Soon you will have to do the same with your phones too:
http://forum.xda-developers.com/showpost.php?p=11763089
Yeah, Samsung strikes again
This is an ENORMOUSLY stupid move on Samsung’s part. It’s pretty clear that monitoring people and their private actions without consent and without notifying them of this is illegal, and the risks of the collected data falling into the wrong hands are all the more important if the laptop had been bought for business use.
I definitely predict a class-action suit, and if there is any large business using Samsung laptops I can guarantee Samsung will end up paying quite a bit of money in the end.
I am just amazed at the sheer stupidity of it all. I mean, didn’t the Sony rootkit fiasco already discourage these things? Sony still can’t live that thing down even after all these years, I can’t believe Samsung wants a similar reputation! And hell, anyone with half a brain-cell would have known this is illegal, not to mention that they have legal staff there whom they could have asked about it to be certain.
I should buy one of these just for the sake of suing Samsung for spying on me.
My mate has a beautiful QX410 I bought last November…
The first thing I will do when I come home is to look for this keylogger.
Samsung, here I come!
Nowadays you really can’t trust anybody anymore!
Stupid world we live in…
Just as a follow-up:
I checked the Samsung laptop and there was no “C:\Windows\SL” directory.
This said: I did not find any evidence for such a keylogger…
Apparently this has again all been a false positive. The person who did the “research” — someone called Hassan — just assumed that since his anti-malware program VIPRE has never before given false positives it cannot do so now either and didn’t actually bother to verify if there even were any files in C:\Windows\SL.
I know I would have checked it, even just out of curiosity, and then more importantly to verify that I don’t start spreading falsehoods about someone else.
http://sunbeltblog.blogspot.com/2011/03/samsung-laptops-do-not-have… should prove to be enough reading if anyone is interested.
I am aghast right now, a goddamn keylogger. I would have thought any company would know better than that. Though I would have thought the same about rootkits too. Still this is just beyond the pale. All your passwords, logins, and credit card numbers were just being sent right to Samsung. I don’t know what they did with all that data, but I do know what could be done with that data. All it would take is one unscrupulous employee who sees an opportunity to get himself rich.
Never buying Samsung again.
Yeah. It makes me wonder what their phones and tablets have running in the background. If they’re willing to do this on laptops, might they also do it to Android and, since they can, incorporate this into the OS at the very lowest levels? It’d be a hell of a lot harder to detect and, without a custom ROM to flash these devices with, damn near impossible to get rid of.
I’m glad the only thing I have made by Samsung is my DVD burner. I don’t think anyone’s figured out how to put key loggers in those… at least not yet.
I have several questions:
Does anybody know of any free software to find rootkits and keyloggers on Windows?
Is this a Windows only problem or is Linux also running stuff like this?
Thanks
There are several out there; http://www.malwarehelp.org is a good resource to start from.
It’s highly doubtful that any GNU/Linux or BSD distribution contains something like that, and it’s very difficult (but not impossible) to infect such OSes with rootkits. It would depend on an absolutely moronic user (which is rare among the OSS using crowd), or on physical access to the hardware by the person wanting to install the rootkit. OS X is nearly as safe as other Unix-like OSes, and the more obscure OSes are virtually malware-free.
That said, it’s easy to keep your Windows installation secure if you research the options available and don’t visit shady parts of the internet. As one of my colleagues used to say, “If you sleep with a prostitute you catch the funk, why is it any different for a PC?”
Uh, no…
The term rootkit originated in Unix systems, and Linux is not immune, the source of most rootkits in Unix\Linux is crackers who gain root access through normal means, mainly security holes in other software running on the system. The cracker then installs the rootkit himself, if the exploit he used allows him to gain root access. This allows him access even if the original exploit is fixed.
Spreading the same old crap that Unix\Linux is magically immune to these things doesn’t help anybody, especially people who take your words to heart and then get burned.
Now on the other hand, they are much easier to detect in Linux\Unix, so I think a lot of the cracker types are falling back on the old standbys of replacing standard commands like login with trojans, which is easier to do, and if you do that to a bunch of commands, you can cover more bases.
Big difference, for a rootkit to be installed and run on a *nx system you need to be root. Anyone who gets infected due to running as root deserves it. Simple concept that MS is recently attempting to implement, userland ….
Actually that’s not entirely true. As BluenoseJake said, privileges can be escalated through the use of suspect userland software. But it is still more difficult by far to do so on alternative OSes compared to Windows. Though, Win7 has made a lot of progress in security too.
No, you just need to be hacked using an exploit that will give the cracker root access. It has nothing to do with the user.
Please show me where in my post I said that *nixes are “magically immune” to malware? Oh that’s right, I didn’t.
You make a valid point, but you don’t have to deliberately misquote me to make it. That’s juvenile and makes you out to be less intelligent than you obviously are.
I stand by my original post, wherein I said the same thing as you: It’s difficult but not impossible to infect a *nix box.
I never quoted you at all.
you said:
Which was what I was addressing, with rootkits on Linux, it’s not “the moronic user” that is the issue, it’s other software running on the box. Please read a comment before getting your feathers ruffled.
Bullshit. Who were you addressing then, when you said “Spreading the same old crap that Unix\Linux is magically immune to these things doesn’t help anybody, especially people who take your words to heart and then get burned.”
I’m waiting.
And my point was that it is much more difficult for such compromised software to find its way onto a *nix box. It generally happens to clueless users, or in rare cases when the blackhat has physical access to the machine. I stand by my original reply to the GP’s question about Linux distros being compromised at the release stage.
you said:
That’s not a quote. I made a reference to something you said. I did not quote you, look up quote in the dictionary.
http://dictionary.reference.com/browse/quote
That being said, your post left me with the impression, after reading it, that you believe Linux and OS X is much more secure.
It’s hard to say, especially after the breaches at Oracle and MySQL lately, because Linux is very popular on the server, and its breach rate is as high as Windows, because you don’t gain access to a server through users installing shit, or clicking a malicious link, you exploit a hole in Apache, or LDAP, or OpenSSH, etc.
Linux and OS X are not a security panacea, especially OS X, which is widely known to be pretty crappy, from a security standpoint, with OS X, the versions of most of its GPL software are old and out of date, and could contain many security holes.
Oh, and I’m not waiting. Learn what quote means.
Edited 2011-03-31 13:47 UTC
It is *highly unlikely* that a Linux (or Unix or whatever) computer is/was compromised, as Samsung does not sell, AFAIK, a computer with Linux (except Android, but that’s on smartphones), as this is a factory install, so they have root access anyway. Linux is not immune to rootkits, but it is to this one, as Samsung only sells Windows boxes.
And that was pretty much my point; *nixes don’t really ship with rootkits and such from the maintainer (though I think Fedora had an issue a while back with a compromised server). I thought it went without saying that Samsung in particular wouldn’t be shipping compromised Linux installs.
I believe this is the original article that was supposed to be linked:
http://www.networkworld.com/newsletters/sec/2011/032811sec2.html
How come I’m not surprised anymore by news like this one?
Factory bloatware is the norm, spying on users though is obviously a step too far.
I remember when Google Toolbar did the same thing…sending every url typed by the user to google. It was bundled into so many sources that, like a virus, it could easily get installed accidentally without the approval of the owner.
I’ll ask the question that was asked on CNET:
Has anyone, anywhere, been able to confirm this story?
Different perspective in South Korea. I think this is more about the national security issue to monitor what the South Koreans use. Remember, every South Korean citizen is monitored by using the national identity card on every major Korean website except the Korean Wikipedia.
That is not even nearly the same thing, you are just comparing apples and oranges here. In South Korea it’s legal for the government to do that, and they don’t monitor every single thing you click or type on your computer, even when you’re not online.
Samsung is a private company, monitoring people like this is a severe breach of privacy laws, not to mention that they collect all your clicks and keypresses no matter if you’re online or not. The data is very, very risky and there’s a high likelihood it’ll be used nefariously or that it’ll end up in the wrong hands.
Ie. it’s not comparable at all to South Korea. And I hope Samsung gets their pants sued off them for this.
Actually they do. Private companies must cooperate with the government or else they would be branded as “illegal pro-North group”. You need your RRS (Residence Registration Number) from shopping in online retail websites to posting in major websites like Naver, Daum, or Nate. They can search from your button. Cyworld (Korean response to Facebook) lets you expose your cellphone number and address without any restriction. Why? It’s because your RRS is vital for your Korean internet experience.
You want the political background? The National Security Act (“Gukga Boanbeop” in Korean) legalizes the basis for mass online surveillance within South Korea.
You need to live in South Korea to believe this. As crazy as it sounds….
Edited 2011-03-31 10:10 UTC
Those are all online activities. They don’t record your offline activities. I don’t understand what you don’t understand.
The South Korean government does online surveillance worse than China. And they do record your offline activities through online according to this law. To make this short, the boundaries between online and offline activities no longer matter through the legal lenses.
Well done, Samsung, you lost my money for either Wave or Galaxy S I was planning to buy. Nevertheless, largely stupid move – did they really expect that such a thing would remain invisible? Just ask for my data, and I’ll gladly forward the CPU and the memory usage, but that’s all you’re going to get.
I’ve been out of the malware / rootkits business for a couple of years, being a Linux user, but this is amazing. I expect to see a class-action lawsuit in its full beauty, love the US particularly for defending consumers’ rights.
You realize Samsung has been planting key and traffic loggers on some of their Android phones for quite some time now?
http://forum.xda-developers.com/showpost.php?p=11763089
Samsung denial: http://www.samsungtomorrow.com/1071
Basically it seems (according to them, I can neither prove nor refute this) the alert that StarLogger is installed is based purely on the existence of a folder at c:\Windows\SL
That folder can also be created by Windows Live language support feature when adding details for the Slovene (iso code “sl”) language.
I have to say, while I don’t find it hard to believe a manufacturer might install a key-logger, it seems hard for me to believe that a company the size of Samsung would buy a bog-standard shareware key-logger rather than developing their own, more undetectable version.
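The false positive described in the comments above comes from treating a folder name as proof of infection. As an added example (not code from this thread, VIPRE, Samsung or StarLogger), the sketch below contrasts that path-only check with a triage step that inspects the folder's contents before drawing a conclusion; the function names, verdict labels and sample folders are all constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def path_only_verdict(folder: Path) -> str:
    """The weak check discussed in the thread: folder existence alone raises an alert."""
    return "ALERT" if folder.is_dir() else "clean"

def triage_folder(folder: Path) -> dict:
    """Corroborate a path hit by recording what the folder actually contains."""
    report = {"exists": folder.is_dir(), "files": [], "verdict": "clean"}
    if not report["exists"]:
        return report
    for f in sorted(p for p in folder.rglob("*") if p.is_file()):
        data = f.read_bytes()
        report["files"].append({
            "name": str(f.relative_to(folder)),
            "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),  # for lookup against known-good/bad lists
            "is_pe": data[:2] == b"MZ",                  # DOS/PE executable magic bytes
        })
    # A PE file is not proof of malice (resource DLLs are PE too); it only means
    # there is something to analyse: check the hash, signature and behaviour.
    if any(entry["is_pe"] for entry in report["files"]):
        report["verdict"] = "needs-analysis"
    else:
        report["verdict"] = "path-match-only"  # name collision, no executable evidence
    return report

def demo() -> dict:
    """Constructed sample data: folders named SL with different contents."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        benign = Path(tmp) / "benign" / "SL"
        benign.mkdir(parents=True)
        (benign / "strings.txt").write_text("constructed language resource\n")
        suspect = Path(tmp) / "suspect" / "SL"
        suspect.mkdir(parents=True)
        (suspect / "sample.exe").write_bytes(b"MZ" + b"\x00" * 62)  # constructed stub
        absent = Path(tmp) / "absent" / "SL"
        for label, folder in (("benign", benign), ("suspect", suspect), ("absent", absent)):
            results[label] = (path_only_verdict(folder), triage_folder(folder)["verdict"])
    return results

if __name__ == "__main__":
    for label, verdicts in demo().items():
        print(label, verdicts)
```

The path-only check alerts on both existing folders, while the triage step separates a bare name match from a folder that holds executable content worth examining.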