UPDATE: It has now been confirmed that Samsung laptops do not contain keyloggers or spyware.
UPDATE: Samsung has issued a statement saying that the finding is false. The statement says the software used to detect the keylogger, VIPRE, can be fooled by Microsoft’s Live Application multi-language support folder. This has been confirmed at F-Secure and two other publications, here and here.
UPDATE: GFI Labs, the maker of VIPRE, has issued an explanation and apology for generating the false positives that led to these articles: “We apologize to the author Mohamed Hassan, to Samsung, as well as any users who may have been affected by this false positive.”
UPDATE: A Samsung executive is said to have personally flown from Newark, N.J., to Burlington, Vt., carrying two unopened boxes containing new R540 laptop computers. These units were immediately put under seal and details recorded for chain-of-custody records. At 17:40, Dr Peter Stephenson, Director of the Norwich University Center for Advanced Computing and Digital Forensics, began the detailed forensic analysis of the disks. The results are expected by Monday.
There seems to be a claim (false, as it turns out) that Samsung installs a commercial keylogger called StarLogger on its laptops before shipping them out, apparently to “monitor the performance of the machine and to find out how it is being used.”
This was reported by Mohamed Hassan, MSIA, CISSP, CISA who bought two different models of Samsung’s laptop – the R525 and R540 models. If the report is true, it will be like a rehash of the Sony Rootkit snafu a couple of years back. (more…)