PDA

View Full Version : Samsung in Spyware Scandal !


Naimul_Hd
March 31, 2011, 02:08 AM
Don't buy Samsung laptops unless you want Samsung to have your banking passwords. :)

Samsung has denied allegations it installed secret spyware software on its laptops that monitors and records users' activity - including their keystrokes - without their consent.

The publication to first report the allegations, Network World, said Samsung had been given a week to comment but had not responded at the time of publication.

Late this afternoon, Samsung Australia said the allegations were "not true".

"Our findings indicate that the person mentioned in the article used a security program called VIPRE [antivirus software] that mistook a folder created by Microsoft Live Application for ... key logging software, during a virus scan."

IT publication Network Wold reported that Mohamed Hassan, founder of NetSec Consulting Corp, a firm that specialises in information security consulting services, detected spyware on a laptop he purchased from Samsung in February.

Earlier today, Samsung spokesman Jason Redmond told PC World that the company was looking into the allegations. "We take these claims very, very seriously," he was reported as saying.

Samsung Australia, also earlier today, said it was investigating the issue "as a matter of urgency" but could not comment on a local level because the issue had originated outside of Australia. "As soon as we have an update on the investigation, we will share this with you," the company said.

Security expert Chester Wisniewski, of security firm Sophos, said in a blog post that what Samsung had allegedly done was "astonishing".

"After the massive uproar that resulted when Sony installed rootkits on peoples computers when they listened to an audio CD, you would hope the world would realise this type of behaviour is totally unacceptable," he said.

When setting up the laptop (model R525), Mr Hassan decided to run a security program on it and run a full system scan before installing any of his own software, the report said. In doing so, it said he detected a secret program called “StarLogger” installed.

Typically known as spyware, the secret software alleged to have been installed on Mr Hassan’s computer is described by one website as being able to record “every keystroke made on your computer on every window, even on password protected boxes”. It goes on to say that the software is “completely undetectable and starts up whenever your computer starts up”.

After analysing the laptop, Mr Hassan came to the conclusion that the spyware must have been installed by Samsung, and so he removed it and carried on using it normally, the report said. But after some issues with the video display, he returned it and bought another model which had better features (model R540).

After doing the same security software scan on that laptop, the report said Mr Hassan again found the same secret software installed. This time he thought something was suss, and so raised the issue with Samsung.

After denying the presence of the software on its laptops, Samsung allegedly changed its story and referred Mr Hassan to Microsoft since “all Samsung did was to manufacture the hardware”.

But after the incident was escalated to a supervisor, Mr Hassan claims that they told him that they put the software on their laptops to "monitor the performance of the machine and to find out how it is being used”.

Network World said it contacted three public relations officers at Samsung for comment and gave them a week to send back their comments. “No one from the company replied,” it said.

Source: http://www.smh.com.au/technology/security/samsung-denies-shipping-laptops-with-secret-spyware-20110331-1che2.html

One World
March 31, 2011, 12:20 PM
I was reading this article that how Samsung is elaborating it's R&D activity in BD. Are they trying to create their next hacking hub based in Dhaka? I won't mind ;).

Alchemist
March 31, 2011, 10:25 PM
Thanks for sharing Naimul bhai. It missed my radar somehow.

Zunaid
March 31, 2011, 10:35 PM
http://www.smh.com.au/technology/security/samsung-cleared-of-shipping-laptops-with-secret-spyware-20110331-1che2.html

UPDATE

Samsung has denied allegations it installed secret spyware software on its laptops that monitors and records users' activity - including their keystrokes - without their consent.

Further, the security firm whose antivirus software was used to detect what it thought was spyware has published a statement (http://sunbeltblog.blogspot.com/2011/03/samsung-laptops-do-not-have-keylogger.html) on its blog apologizing to Samsung.

Zunaid
March 31, 2011, 10:37 PM
http://sunbeltblog.blogspot.com/2011/03/samsung-laptops-do-not-have-keylogger.html

http://www.sunbeltsoftware.com/alex/gblog/blog/header.gif (http://sunbeltblog.blogspot.com/) Thursday, March 31, 2011

Samsung Laptops do not have a keylogger (and it was our fault) (http://sunbeltblog.blogspot.com/2011/03/samsung-laptops-do-not-have-keylogger.html)

A Slovenian language directory for Windows Live is causing us considerable headaches this morning, and we have no one to blame but ourselves.

A Network World article (http://www.networkworld.com/newsletters/sec/2011/032811sec2.html) has alleged Samsung laptops of having a keylogger. Unfortunately (and to our dismay), the evidence was based off of a false positive by VIPRE for the StarLogger keylogger.

The detection was based off of a rarely-used and aggressive VIPRE detection method, using folder paths as a heuristic. I want to emphasize “rarely”, as these types of detections are seldom used, and when they are, they are subject to an extensive peer review and QA process. (It’s not common knowledge, but folder path detections are actually used by a good number of antimalware products, but are generally frowned upon as a folder that looks clearly like one for malware has the potential of generating just this kind of result — a false positive.)

The directory in question was C:\WINDOWS\SL, and is the Slovenian language directory for Windows Live. This same directory path is used by the StarLogger keylogger.

How does this happen? A researcher has a number of tools at his or her disposal to detect a piece of malware. These include a broad range of detection types based on the malware in question. Sometimes, a simple signature is fine; other times, a more carefully crafted detection is needed. In VIPRE, among some of the detection types are heuristic (meaning, using a method of pattern analysis on the file); behaviorial (looking at the behaviour of a file in VIPRE's emulator to see if it does anything malicious) or signature-based (simply creating a file signature for the file). Part of the heuristic toolkit used might be any number of types of analyses, and these can include looking at the contents of the file for specific patterns that indicate malware. A researcher can also (but rarely) use a folder path as part of a more comprehensive detection set. Imagine you're a researcher: You see the folder name "C:\windows\sl". This is, indeed, something one would never find on a Windows system at the time the detection was written, so the researcher added this folder path to his heuristics for this keylogger. It was peer-reviewed and tested against a broad range of Windows platforms, including every foreign language set. Everything is fine and dandy... except that at some point several years after the original detection was written, Windows Live started using that directory to install Slovenian language files for Windows Live. Samsung started pre-installing Windows Live, including all the languages, and there you have the problem we're having today.

We apologize to the author Mohamed Hassan, to Samsung (http://www.samsungtomorrow.com/1071), as well as any users who may have been affected by this false positive.

False positives do happen, it’s inevitable and like all antivirus companies, we continually strive to improve our detections, while reducing any chance of a false positive. This one (admittedly, an incredibly embarrassing one) made it through our processes, and I have met with the senior managers in the area this morning to handle what happened and to continue to improve our processes.

The false detection is fixed in definition set 8878.

Alex Eckelberry
General Manager, GFI Security

Alchemist
March 31, 2011, 11:05 PM
So, False positive by VIPRE. I wonder what happened to the Samsung share prices once the initial news broke.

goru
April 1, 2011, 01:20 AM
Samsung should sue.

Puck
April 1, 2011, 11:50 AM
I use a Samsung NC30 netbook and absolutely love the feel of it. This is my first non-IBM laptop and while this is a budget netbook i love the size and robust feel as much as plastic can be robust. Whenever I buy a new laptop or setup one for a friend or colleague I disable all manufacturer provided bloatware. Most of them are useless.

bujhee kom
April 2, 2011, 02:01 AM
Arrey bhais is this that Lauggage company Samsung, right??? Pura dui number! Pura Chore, dhoira jutar mair den!!