Update: Samsung has now denied this story and posted evidence to support their investigation.
Security researcher Mohamed Hassan found StarLogger software on two different Samsung laptops, the R525 and R540, he had purchased from two different retail stores. Instances of StarLogger were found on both machines, at least one detection the result of a clean out-of-the-box virus and malware scan.
StarLogger software is described as an application that runs silently in the background every time your machine boots up. It is said to be capable of recording every keystroke made on your computer; meaning confidential emails, passwords, bank details, phone numbers, and other communications are easily capable of being captured. The software is even said to be able of taking screenshots of your activities. StarLogger is then able to email the results of its key logging silently without detection, and attach any screenshots it has taken to those emails. Pretty nasty stuff to the say least.
Hassan was reportedly told by a Samsung support supervisor that the software was installed to “monitor the performance of the machine and to find out how it is being used.”
Now whether it is actually true that Samsung purposely installed this software remains a big question. It is often the case that, when a difficult customer coming calling with questions that cannot easily be answered, support personnel will fob you off with whatever information they feel will get you to disconnect the call most quickly. It comes with the pressures of the job, needing to meet performance benchmarks, and seeing a long queue of calls waiting to be answered.
Samsung last night jumped on the story and issued the following statement:
Samsung has launched an investigation into the matter and is working with Mich Kabay and Mohamed Hassan in the investigation. Samsung engineers are collaborating with the computer security expert, Mohamed Hassan, MSIA, CISSP, CISA, with faculty at the Norwich University Center for Advanced Computing and Digital Forensics, and with the antivirus vendor whose product identified a possible keylogger (or which may have issued a false positive). The company and the University will post news as fast as possible on Network World. A Samsung executive is personally delivering a randomly selected laptop purchased at a retail store to the Norwich scientists. Prof. Kabay praises Samsung for its immediate, positive and collaborative response to this situation.
There are a number of credible theories floating at the moment. The most credible theory in my mind being that this software somehow found its way into Samsung’s manufacturing process undetected. It is hard to believe anyone would be so stupid as to authorize silent deployment of this software on customer laptops.
People should avoid jumping to conclusions before the results of the investigation are concluded. But if you are using a fairly recent Samsung laptop, I would consider running security scans on your computer as soon as possible, especially if you have never done so before (it happens).