Consumer electronics giant Samsung has denied pre-installing secret spyware on its computers to monitor users -- and poked gaping holes in the proof.
Security consultant Mohamed Hassan Wednesday claimed to have found evidence that Samsung was pre-installing a special keylogging program called StarLogger on brand new laptops. A notorious tool in the hacker world, keyloggers do exactly what their name implies -- they log every keystroke a user makes, including passwords.
More sophisticated versions can even email that information daily or hourly.
Hassan's claims, and confusion by Samsung tech support about the issue, sent waves of concern through the computer industry overnight. But Thursday morning, Samsung unequivocally debunked these claims on the company's official blog, writing that "the statements that Samsung installs keyloggers on R525 and R530 laptops computers are false."
According to the company, Hassan's results derive from a mistake in the antivirus software he used, which mistook an innocuous Slovakian language folder installed by Microsoft for the far more sinister StarLogger program -- both of which install into a folder named SL.
"This keylogger is completely undetectable and stars up whenever your computer starts up," Hassan trumpeted yesterday in Network World. "[It] sees everything being typed: emails, messages, documents, web pages, usernames, passwords, and more."
StarLogger even has the power to take steal images of your screen.
To Hassan, the identity of the perpetrator seemed obvious. "After an in-depth analysis of the laptop, my conclusion was that this software was installed by the manufacturer, Samsung."
His fears were further stoked when, upon calling technical support, a supervisor more or less confirmed his suspicions. According to the Samsung representative, the company will often knowingly install such software to "monitor the performance of the machine and to find out how it is being used."
StarLogger is real. But is it on Samsung laptops? Industry stalwarts remained skeptical, agreeing with the manufacturer: Hassan was mistaken.
Security experts at F-Secure even went to their local computer store to test Samsung laptops, including one that Hassan had used, but were unable to repeat his results.