

Update: Samsung has said they are looking into this: “Samsung takes Mr. Hassan’s claims very seriously. After learning of the original post this morning on NetworkWorld.com, we launched an internal investigation into this issue. We will provide further information as soon as it is available.” So far Hassan is the only person to report this, so it could be any number of things, including a false alarm or a bad retailer.

Update 2: Debunked. As it turns out, the \SL folder is in fact the Slovenian language folder, and Hassan’s security program thought it was a keylogger. Are you telling me this so-called security expert didn’t think to check the contents of the folder? Sorry for the false alarm, but with Samsung initially confirming the story it was best to err on the side of… blogging.

This is… potentially disturbing. Mohamed Hassan recently purchased a brand-new Samsung laptop, an R525. As part of his normal setup procedure, he ran a complete scan with security software and found a keylogger installed in the Windows directory. Now, Samsung wouldn’t be the first company to accidentally ship infected computers — Asus had such a disaster back in 2008.

Thinking this might be the case, Hassan removed the keylogger (Star Logger in C:\Windows\SL) and went about his business. But after an issue with the display driver a short time later, he returned the laptop and picked up a higher-end R540. Lo and behold, on running his security scan, Star Logger was found yet again!

This isn’t some system failure logging utility, by the way. It’s a full-blown keylogger that records every key press.

I’ll let Hassan tell the story here:

On March 1, 2011, I called and logged incident 2101163379 with Samsung Support (SS). First, as Sony BMG did six years ago, the SS personnel denied the presence of such software on its laptops. After having been informed of the two models where the software was found and the location, SS changed its story by referring the author to Microsoft since “all Samsung did was to manufacture the hardware.” When told that did not make sense, SS personnel relented and escalated the incident to one of the support supervisors. The supervisor who spoke with me was not sure how this software ended up in the new laptop thus put me on hold. He confirmed that yes, Samsung did knowingly put this software on the laptop to, as he put it, “monitor the performance of the machine and to find out how it is being used.”

So. After denying the software existed, then saying that they just make the laptops, they finally acknowledge that yes, Samsung installs malicious software on their own laptops in order to record user behavior.

I don’t think I need to go into the specifics of why this is a shocking breach of trust and presumably illegal as well. We’ll keep an eye out for further developments, but in the meantime, if you have a Samsung laptop, look in C:\Windows for a \SL directory. If you see one, contact Samsung and get mad. This is totally unacceptable and hopefully we’ll get some satisfaction from Samsung on this point soon. I just don’t understand how they could think this was even close to okay, and even after justifying it, how it could possibly escape detection.

Mohamed Hassan and his collaborator Mich Kabay at Network World have contacted Samsung several times for comment, but have received no response so far. I look forward to their answer. Let’s hope it’s all just a big mistake.