
Samsung installs keylogger on its laptop computers - pietrofmaggi
http://www.networkworld.com/newsletters/sec/2011/032811sec2.html
======
jedsmith
Am I the only one that wipes the OEM operating system as soon as I buy a
computer? Even if I'm putting Windows right back on it?

I started doing it because of the crap they bundle in there, but this seems
like an unintended good reason to do so as well.

~~~
wewyor
The only problem is that now you have to find a way to download the ISOs from
Microsoft's servers to do it, because most laptop manufacturers only give
recovery media that gives you all the crapware when you reinstall.

It wasn't that long ago that you got actual windows install media when you
bought a computer.

~~~
Silhouette
> It wasn't that long ago that you got actual windows install media when you
> bought a computer.

Oh, I'm afraid that was actually quite a long time ago.

However, the last time I checked, Microsoft did impose a condition that mostly
affected laptop manufacturers, such that they were required to provide any
genuine Windows customer with real Windows media on request, rather than just
some not-quite-real-Windows recovery media. Is this no longer the case?

If that is still a requirement for installing OEM Windows on laptops for sale,
maybe a campaign where a significant fraction of Samsung laptop customers
suddenly started demanding real media would attract the attention of whatever
fool thought this was a good idea. This is not mutually exclusive with an
expensive class action lawsuit, of course. }:-)

~~~
pasbesoin
Back in... 2006?, when purchasing a Dell I put down $10 to receive a plain
Jane XP Pro installation disk, in addition to the crapware-infested restore
disk that came with it by default.

More recently, helping a friend with a Dell purchase, I could no longer find
that option in the online order flow. Maybe if you call them and ask...

(I'm not a regular Dell purchaser.)

~~~
lancefisher
I've reinstalled Windows on Dell computers for friends that didn't have the
discs. I just called Dell, and they mailed me a plain Windows install disc for
free. Awesome! I'm not sure if they still do that.

With HP, I wasn't even able to pay for an install disc of any sort, and since
the recovery portion of the HD was gone I had to buy a copy of Windows. I'll
never buy an HP computer for this reason.

~~~
pasbesoin
I'll add that that disk was actually stolen in a burglary. When I subsequently
needed to reinstall, a friend burned a copy of his XP Pro disk and mailed it.
In combination with the code on the license sticker on the machine, this
worked fine.

(I'm hesitant to download an image from an unknown source.)

I don't know about Windows 7 -- I seem to recall reading that installation
disks for it work somewhat differently, but I don't recall the details.

~~~
wewyor
If you look you can get the Windows 7 ISOs from Microsoft's servers (or in
this case their distribution network through Digital River).

These have worked for my OEM licenses. XP though, I remember you needed to use
the disk with the correct service pack to install with your software key. (An
SP1 key wouldn't work with an SP2 disk and vice versa.)

~~~
calloc
Links? I'd definitely be interested in this seeing as how I just bought a
Lenovo and want to wipe it.

~~~
wewyor
google: windows 7 iso (first result) (mydigitallife)

The links that say msft-dnl.digitalrivercontent are the same as when you buy
online (at least when I bought my win 7 professional license for my desktop
the iso linked is the same as the one I downloaded).

Those are probably the only ones I would trust, make sure you are indeed going
to digitalrivercontent website, download appropriate language and version/arch
(prof, home prem 64 or 32)

~~~
pasbesoin
Does this still apply?

<http://www.windowsvalley.com/unlock-all-editions-from-windows-7-iso-image-x86-and-x64/>

 _To get all editions-

4\. Just delete the file and finally create the bootable ISO and burn your
unlocked disc._

~~~
sid0
Yes, that should work.

------
16s
Off-topic: I wrote a _very primitive_ passive keystroke logger a few years ago
(just to demonstrate how they work). I still have the source code and folks
email me about it often:

<https://github.com/16s/16k>

My example is _really trivial_ and it only works on Windows, but it works well
and demonstrates the concept of passive keystroke logging. Unlike system wide
hooks, passive logging just monitors the key states. Sort of like when you are
playing a video game and press the 'P' key. The game pauses because it's
monitoring the P key's state (up or down) and can tell when it changes. Extend
that concept to the entire keyboard and you have a passive keystroke logger.

Passive loggers are more challenging to detect as well and they run just fine
as a normal user (no need to be root).

~~~
getsat
Just use SetWindowsHookEx() with WH_KEYBOARD_LL. Here's some ancient proof of
concept code I wrote for detecting user activity (keyboard and mouse):

<https://gist.github.com/a95f198292c9e453e054>

This was originally to be used with malware that needs to run when the user is
away from their workstation. You can access p->vkCode in KeyboardProc() to see
which keys are pressed.

One interesting thing to note is that if you remove the invisible
window/message pumping loop, the program behaves erratically when processing
the low-level inputs. I never looked into this.

~~~
iuguy
This is really really easy to detect for malware analysts. One of the first
things you look for in memory on a compromised system is hooking. Most
rootkits use hooks at different levels to hide or monitor things.

Strangely, on a clean system most hooks tend to be from the Antivirus (usually
hooking filesystem calls for on demand scans).

~~~
getsat
Definitely. Any amateur effort will generally involve SetWindowsHookEx() + DLL
injection to capture keystrokes. The intention was to move this up to ring 0
eventually, but I decided to work on more lucrative things instead.

~~~
iuguy
Actually, I'm speaking at DC4420[1] on the 20th of April on evading defence
mechanisms, I think I might bring this up there.

[1] - <http://www.dc4420.org/>

~~~
getsat
Cool, I will check it out.

------
westbywest
"The statements that Samsung installs keylogger on R525 and R540 laptop
computers are false.

"After investigating into this matter, it was found that the software
installed was in fact Vipre, not the commercial keylogger called StarLogger.
The confusion arose because Microsoft's Live Application multi-language
support folder, 'SL' folder, was mistaken for StarLogger.

"(Live Application is Microsoft's application which provides messenger, email,
video, photo gallery functions. Depending on the language, under C:\windows
folders 'SL' for Slovak, 'KO' for Korean, 'EN' for English are created.)"

<http://www.samsungtomorrow.com/1071>

------
Bo102010
This strikes me as dubious at best. I think a more likely explanation is that
his detection software is flagging anything with the path "c:\windows\SL" as
malware.

He says "This key logger is completely undetectable," which is clearly untrue
(he has allegedly detected it).

If it's logging his keystrokes, it's either storing them locally or sending
them off somewhere else, or both. If he's as qualified as he says, he should
be able to find out which (find a file that increases in size after a lot of
keystrokes, use Wireshark...).
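
The file-growth check suggested in this comment, as an added example that is not part of the original thread: snapshot a suspect directory, type for a while, snapshot again, and list what was created, grew, or was overwritten in place. The function names and the constructed sample files (`resources.dll`, `capture.log`, `ring.bin`, `new.tmp`) are hypothetical.

```python
import os
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class FileState:
    size: int
    mtime_ns: int


def snapshot(root):
    """Map relative path -> FileState for every regular file under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                st = os.stat(full, follow_symlinks=False)
            except OSError:
                continue  # vanished or unreadable between walk and stat
            rel = os.path.relpath(full, root)
            state[rel] = FileState(st.st_size, st.st_mtime_ns)
    return state


def diff_snapshots(before, after):
    """Compare two snapshots taken around a typing session.

    created:   files present only in the second snapshot, with their size
    grown:     files whose size increased, largest growth first
    rewritten: files with a new mtime but no growth (a fixed-size buffer
               overwritten in place would show up here, not under 'grown')
    """
    created, grown, rewritten = [], [], []
    for path, now in after.items():
        old = before.get(path)
        if old is None:
            created.append((path, now.size))
        elif now.size > old.size:
            grown.append((path, now.size - old.size))
        elif now.mtime_ns != old.mtime_ns:
            rewritten.append(path)
    created.sort()
    rewritten.sort()
    grown.sort(key=lambda item: (-item[1], item[0]))
    return {"created": created, "grown": grown, "rewritten": rewritten}


def demo():
    """Run the check against a constructed directory standing in for the
    flagged folder. All file names and contents here are made up."""
    with tempfile.TemporaryDirectory() as root:
        static = os.path.join(root, "resources.dll")
        log = os.path.join(root, "capture.log")
        ring = os.path.join(root, "ring.bin")
        for path, data in ((static, b"\x00" * 512),
                           (log, b"x" * 100),
                           (ring, b"r" * 64)):
            with open(path, "wb") as f:
                f.write(data)

        before = snapshot(root)

        # Simulated activity between the two snapshots.
        with open(log, "ab") as f:          # appended to: size grows
            f.write(b"y" * 40)
        with open(ring, "r+b") as f:        # overwritten in place: same size
            f.write(b"R" * 64)
        st = os.stat(ring)
        # Bump mtime explicitly so the demo does not depend on clock resolution.
        os.utime(ring, ns=(st.st_atime_ns, st.st_mtime_ns + 1_000_000_000))
        with open(os.path.join(root, "new.tmp"), "wb") as f:
            f.write(b"z" * 8)

        after = snapshot(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    for kind, items in demo().items():
        print(kind, items)
```

An empty result for a flagged directory means the path match is the only evidence so far; it does not rule out logging to another location or over the network, which is what the packet capture is for.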

~~~
mmazing
Yeah, except Samsung admitted that they installed it in the followup article.

~~~
Bo102010
I stand corrected, and should have read the followup article.

I don't think the Samsung "confirmation" brings me to 50% confidence that
Samsung actually was logging and capturing people's keystrokes, though.

I would still like to see what the keylogger is actually doing - storing,
transmitting, what?

------
po
Talk about burying the lede...

And what does he mean by "After the initial set up of the laptop"? What
exactly did he do? Couldn't it just mean that the security software he is
using to do the scan or the media he is using is infected? I just think this
sounds fishy until he's verified it with a completely different set of tools.

~~~
codingthewheel
Not only that, but there are legit reasons to include a keylogger as part of a
laptop build out. Every computer has, or should have, this kind of auditing
capacity. The question is a) whether it's turned on by default and b) whether
any information is being transmitted on the sly. In all likelihood, this was
either some sort of mistake, or the keylogger is intended for use by the
computer's owner -- not by Samsung.

EDIT: Sorry for scaring people. Listen, I HATE keyloggers and other invasive
software. Here:

<http://bit.ly/2U3iAH>

My point was that I can see a legit need for low-level auditing by whoever
owns the PC. Including such a package that's turned off by default, might be
better than forcing a worried parent to sift through 12 keyloggers on Google,
half of which are malware, a quarter of which don't work, in order to find out
if her 12-year-old is composing YouTube dances and uploading them to 4chan.

~~~
Xurinos
Hey guys, I disagree with codingthewheel's idea, too, but we need to get a
little meta here:

His comment is not spam.

His comment caused discussion.

His comment is an opinion, not a false fact.

There are no personal attacks of any kind in his comment, and his language is
fine.

His argument is simply unpopular.

None of your responses indicate any of the usual legitimate reasons for
downvoting.

So why the downvotes? Do you really want HN to be an echo chamber instead of
an arena of civil discussion?

~~~
lwhi
I think the downvoting in this case is equivalent to saying 'your point of
view is dangerous'.

~~~
oconnore
No, the equivalent would be to click _reply_ , and then type "I think that
your point of view is dangerous."

~~~
lwhi
Meaning can be inferred from the down-voting. I think that was probably the
meaning behind most of the negative votes.

I actually believe that it's okay to use voting to express whether you agree
or disagree with a point. Where's the harm?

I think that the experience of reading HN is enhanced when there's contrast
between popular and unpopular ideas. If a post is unpopular, it doesn't mean
that I don't read it. If anything, I might pay more attention to it.

In some cases its lack of popularity might spark more debate; like it has in
this case.

~~~
kls
_I actually believe that it's okay to use voting to express whether you agree
or disagree with a point. Where's the harm?_

This is a bad point of view and is what is leading to the degradation of HN as
a place for people who see the world through a different lens. We have already
lost a lot of beautiful minds due to herd voting. Downvoting is for items
that do not belong on HN, nothing more nothing less. If you downvote because
you do not agree with an idea you are actively suppressing discussion, no
matter how strongly you disagree. Many times from people more brilliant than
ourselves.

~~~
lwhi
The voting mechanism is a tool. People choose to use tools in whichever way
they see fit. A culture will develop and form according to the norms which are
set around group usage.

On HN I've found that many people use voting to signal whether they
agree (or disagree) with something. If that wasn't the case, I'd see my karma
rise - rather than rise, fall and fluctuate.

As far as I can tell, if something shouldn't be on HN, we have the ability to
flag a post.

I can agree that a post shouldn't needlessly be hammered into negative space,
just as a person's point of view shouldn't be needlessly trampled on in meat-
space. But I think that down-voting in general has found a place.

We can say that it might be better to never down-vote - but many users have
the ability, and it's a regular practice. Neglecting the fact is a little like
ignoring the fact the emperor is wearing no clothes.

~~~
kls
_As far as I can tell, if something shouldn't be on HN, we have the ability to
flag a post._

You cannot flag comments; downvoting is there to discourage trolls and abuse.

 _We can say that it might be better to never down-vote - but many users have
the ability, and it's a regular practice. Neglecting the fact is a little like
ignoring the fact the emperor is wearing no clothes._

I am well aware of that and it has led to a decline in the standard that HN
used to be (while my account may not reflect it I have been around here for a
long time, and witnessed the decline first hand). It has been complained about
on HN ad nauseam. No one is neglecting the fact that it happens, I am just
stating that doing so makes HN a worse place; the results are obvious and have
already led to some valuable people leaving.

~~~
lwhi
To flag a comment, click on 'link' and then 'flag'.

I think the decline is largely due to a rise in meta-discussion about HN and a
rise in articles which are mainly designed to self-promote their authors.

I apologise for playing my part in the first ... ;P

~~~
kls
_To flag a comment, click on 'link' and then 'flag'._

Thank you, you learn something new every day.

------
anon1385
<http://www.networkworld.com/newsletters/sec/2011/040411sec1.html>

 _Samsung responds to installation of keylogger on its laptop computers_

 _The supervisor who spoke with me was not sure how this software ended up in
the new laptop thus put me on hold. He confirmed that yes, Samsung did
knowingly put this software on the laptop to, as he put it, "monitor the
performance of the machine and to find out how it is being used."_

 _In other words, Samsung wanted to gather usage data without obtaining
consent from laptop owners._

[…]

 _We contacted three public relations officers for Samsung for comment about
this issue and gave them a week to send us their comments. No one from the
company replied._

------
jgrahamc
_Mohamed Hassan, MSIA, CISSP, CISA graduated from the Master of Science in
Information Assurance (MSIA) program from Norwich University in 2009_

Really bad way to start an article. Who cares about all these qualifications?
Did he find a key logger and how did Samsung respond?

Unfortunately, they have decided to make us wait for the response. That seems
really lame IMHO.

~~~
Lost_BiomedE
I think it means that the author does/did not expect you to be the target
audience. To you, an appeal to authority does not mean much, but for someone
who does not have much technological knowledge, it may have some weight.

Maybe they were trying to pull views from yahoo finance or something?

~~~
jobu
Perhaps he wasn't getting any response from Samsung, and posted this to prod
them into action. Still this seems like a really terrible way to end an
article:

 _In the next article, Mr Hassan discusses how Samsung responded to his
discovery._

------
albedoa
_The findings are false-positive proof since I have used the tool that
discovered it for six years now and I am yet to see it misidentify an item
throughout the years._

Thus, it is false-positive proof? Why wouldn't he test it against other tools?
Why wouldn't he try to find out as much about this as you can before writing
an accusatory article?

Further, why is he running a full-system security scan on a fresh installation
of Windows? Is that normal? If this is a genuine accusation of wrongdoing,
then I think that the actual sequence of events and his entire methodology
should be disclosed.

~~~
sorbus
> Further, why is he running a full-system security scan on a fresh
> installation of Windows? Is that normal?

If you're a bit paranoid or don't trust the manufacturer (with good reason,
apparently) it makes perfect sense to run a scan on a fresh system after
initial setup. It's probably not a normal thing to do - pausing all usage of
the system to check it for malware - but it makes sense.

> the actual sequence of events and his entire methodology should be
> disclosed.

Eh, not really. We just need to run the same scans (using lots of different
software) on other Samsung laptops, both the same and different models, and
see if it detects the logger. If the logger is found, then he's right, if it's
not then he's wrong (and probably it's his own software which is infected).
His methodology only matters if no supporting evidence for infection is found.

~~~
albedoa
> If you're a bit paranoid or don't trust the manufacturer (with good reason,
> apparently) it makes perfect sense to run a scan on a fresh system after
> initial setup.

That's what I mean. If he had reason to not trust them, then he should share
his reasoning. It would help us to understand why he was conducting a post-
installation scan in the first place. It is not normal behavior otherwise.

> Eh, not really. We just need to run the same scans (using lots of different
> software) on other Samsung laptops, both the same and different models, and
> see if it detects the logger.

Very true. I meant that it would help us to maximize our success with
duplicating his method, which would translate into a higher detection rate if
the logger actually exists. If one isn't found, it would help us figure out
why he might be seeing what he sees.

~~~
BrandonM
> _That's what I mean. If he had reason to not trust them, then he should
> share his reasoning._

From the end of the article:

> _Mohamed Hassan, MSIA, CISSP, CISA is the founder of NetSec Consulting Corp,
> a firm that specializes in information security consulting services._

Most likely a client discovered what appeared to be a keylogger and brought it
to NetSec for investigation. Part of that process would have likely been to
purchase a new Samsung laptop as part of a simulation to figure out how the
keylogger may have been installed. Finding it on a fresh purchase must have
been quite surprising!

------
mrcharles
It would be interesting to hear from the HN community, people with Samsung
laptops, if they've had this happen, or if they check now, if this keylogger
is discovered.

~~~
dionysianstanza
Currently on an R720 and I've no SL folder, either.

I've poked around various locations on the machine and run some scans with a
number of different tools, but I've discovered nothing untoward, as yet.

My attestation is somewhat of an irrelevance, however, as I've no way of
accurately replicating the environment in which Mr Hassan carried out his
research. It looks as though I shall simply have to wait and see how this all
plays out over the coming days.

------
jgrahamc
Samsung's response is here:
<http://www.networkworld.com/newsletters/sec/2011/040411sec1.html>

~~~
pbhjpbhj
That's kinda mind blowing.

Use of such a laptop in the UK would appear to contravene the Computer Misuse
Act (on at least a count of unauthorised computer access), if you have a
Samsung with this software I suggest you hire a good lawyer and shop around
for investment opportunities for your payout.

What are the chances that Samsung have also breached government secrets acts
with this in several countries!?

~~~
jedsmith
What's mind blowing is that anybody believes what a support department says.

~~~
pbhjpbhj
I'm trusting the report here but it was at least second level and they
referred somewhere for help with the query so it appears it was 3rd level
support. Certainly attributable to the company in such a case.

------
blinkingled
Thank heavens this was software based - now imagine if they shipped keyboard
firmware with a built in keylogger! Who knows, maybe some do - that would be
nearly impossible to detect as they can encrypt it.

On a related note - My bank requires me to use an on-screen virtual keyboard to
log into the online account. The keys of this virtual keyboard are randomly
rearranged every time it is invoked. That could certainly beat keyloggers.

~~~
darren_
You'd think so, but actually there exist keyloggers that take screenshots on
mouseclicks, precisely to bypass this.

~~~
blinkingled
Of course :) On the other hand, security is about putting as many deterrents
as practically possible - nothing can be 100% secure. So to that extent it is
still better to have measures like on screen keyboard than not. And then even
if you somehow perfected the on-screen keyboard to not give out screenshots -
there is always browser based malware that can send your session or creds to
the attacker without bothering about keylogging!

------
GiraffeNecktie
I would have expected this to show up from many different sources. The fact
that only one person is reporting this makes the story somewhat suspect.
Surely he's not the only Samsung owner to run a malware scan.

~~~
pavel_lishin
> Surely he's not the only Samsung owner to run a malware scan.

On a machine he just bought, without installing anything else?

Besides, someone has to be first.

~~~
GiraffeNecktie
He noticed this back in February so I'd think that's a fairly long time to be
the only report. A few other things bothered me about the article: the heavy
handed reference to Sony's rootkit, as others noted, is inappropriate since
the Sony rootkit was clearly a deliberate decision. In this case, the most we
can say at this point in time is that he found a keylogger on a Samsung
computer. Whether it was put there deliberately or not is unknown. Which leads
to my further gripes with the headline (which flatly implies that it was
deliberate), with the fact that he didn't retain the evidence but chose to
write about it (which means no one can verify his findings), and with his
apparent lack of curiosity about whether the keylogger was operational and
where it might be sending its data.

~~~
capstone
_On March 1, 2011, I called and logged incident 2101163379 with Samsung
Support.

...

The supervisor confirmed that Samsung did knowingly put this software on the
laptop to "monitor the performance of the machine and to find out how it is
being used."_

~~~
GiraffeNecktie
Ah. Missed that bit. Thanks.

------
narrator
This isn't the first time Samsung did this kind of thing. On their android
phones, they have a system called CarrierIQ that is deeply embedded into the
system and can monitor practically all aspects of phone usage.

<http://forum.xda-developers.com/showpost.php?p=11763089>

------
derrida
So, has ANYONE verified this independently yet?

------
helmut_hed
Here's a plausible scenario under which Samsung is innocent:

1) Starlogger is part of the security software Hassan installed, and 2) The
Samsung person he reached didn't know what he was talking about

I have no idea if this is really what happened, but consider:

Hassan says _After the initial set up of the laptop, I installed licensed
commercial security software and then ran a full system scan before installing
any other software._

This could simply be an embarrassing mistake, compounded by the ignorance of
some call center person... I'm waiting for confirmation from others with
Samsung systems.

------
unreal37
I am skeptical this is true. Some phone tech support guy overseas is not
official confirmation of official policy. I would like to see more widespread
confirmation ('happened to me too!') before people start dumping on Samsung.

Also missing, evidence it was turned installed and running at bootup, evidence
it was sending information anywhere. It should be fairly easy to use the
laptop, connect to the internet, and see what data is sent to what server,
owned by whom. THAT is evidence. These are just random unimportant files in
some random directory until then.

------
hbz
I wonder where it stores all this logged information. Despite a lot of
references to the Sony rootkit, the author doesn't specifically call this a
rootkit other than to say it's "completely undetectable" (not really). There's
also mention of traces of the program being found in c:\windows\SL, which
means it's not very well hidden. More information is required.

------
denysonique
However, a scan result does not mean much, a full proof would be if he found
the keystrokes actually logged in some file and/or being sent to somewhere.

Btw, I am typing this from a Samsung R510 laptop. Fortunetaly I don't use
crappy windows. I run Gentoo Linux.

~~~
nopassrecover
"Fortunetaly (sic) I don't use crappy windows. I run Gentoo Linux."

A reasonable observation followed by a stupid effectively ad hominem attack.
The reason your Linux PC is free from the Samsung keylogger (if it does exist)
is only because there's little to no incentive to bother with attacking Linux
users. Do you really believe Microsoft has spent billions in research and
hiring the brightest minds in technology to create an inherently insecure OS,
or is it more likely that the incredibly large userbase creates much greater
incentives for security attacks?

~~~
notoem
No, the reason his computer does not have the keylogger is because he
installed an operating system other than the one it came with (assuming the
story is accurate). Even if he had reinstalled Windows, he would not have it.

~~~
limmeau
Unless the BIOS knows how to install Windows keyloggers in Windows root
partitions and Linux keyloggers in Linux root partitions.

------
motters
It's a disappointing cliff-hanger ending. Without more information it's
impossible to say whether this is just some malware accident or a deliberate
policy by Samsung. I'm inclined to think that the former situation is more
likely.

~~~
donohoe
The link to the part where someone from Samsung confirms they installed the
keylogger so they could learn how people use the machines.

~~~
motters
Second part
<http://www.networkworld.com/newsletters/sec/2011/040411sec1.html>

------
mulander
I own a HP laptop which recently had its mother board replaced. The machine
came with an OEM installation of MS Windows Vista - I didn't reinstall /
remove but I did lock out and changed the password for the 'Administrator'
account. To my surprise when the laptop came back from repair (official HP on
warranty repair) the Administrator account was unlocked and the recent
activity on that account indicated that video files were being run recently
from it.

I assume that they must have a way to unlock the account I just hope it's not
a full time remote control like mentioned in this article. You can be sure of
one thing - I will never buy from HP again.

~~~
MichaelGG
You realise you can unlock/reset passwords just by booting a CD? Locked is
just a small setting in a file on disk.

As far as playing video files, that seems like it might have been part of
testing - making sure it can handle a tiny bit of stress.

~~~
mulander
By booting an OS from a CD - yes I knew about this. I just hope it isn't a
built in 'unlock' utility.

If that was the case then OK. I also understand running things to check if
they work - that's why I didn't make a problem out of it.

I am not OK in changing/running things on the machine without contacting the
owner. This makes a user uncomfortable.

------
motters
The second part is more interesting, but it doesn't give any indication as to
whether the keylogger was installed on a small number of internal test
machines which then accidentally escaped into consumerland, or whether this is
a more widespread practice. If it is widespread then Samsung are really
entering a world of pain in terms of lawsuits.

------
loganlinn
Is there not a hole in this argument? Why wouldn't he first question the store
at which he bought both of these Samsung laptops? This isn't solid evidence
that the source of the keylogger is from the hardware manufacturer and is
borderline defamation.

~~~
darkmethod
The following line from the article in question leads me to believe that he
did not purchase the second laptop from the same store.

"I returned that laptop to the store where I bought it and bought a higher
Samsung model (R540) from another store."

I will wait for confirmation/proof in either direction before drawing any
conclusion regarding possible "defamation" on the author's part.

~~~
loganlinn
Indeed, we shouldn't jump to any conclusions. My point was that the author
appears to already have, especially given the article's title. There are lots
of situations that could explain the origin of the malware (reseller, pre-
installed bloatware, etc), but the author chose one.

------
mooky
One user reporting an incident does not a story make. Lazy journalism.

Also: a possible publicity attack from someone who has just started up a
security consultancy... But this could rebound on him due to his EXTREMELY
sloppy work and total lack of forensic skill.

------
rheide
Could be any number of reasons for this. The store may have messed up and had
its computers infected by a virus. Or Samsung itself. Or user error, like
other people pointed out already.

What I would be interested to know is if the logger actually phones home, and
if so, to where. That would give fairly conclusive proof if Samsung did it or
someone else. If it's just logging stuff locally then what's the point? Maybe
Samsung (if Samsung is indeed the culprit) could claim it's for tech support
reasons?

------
piaskal
If it's true I wonder if Samsung actually does that deliberately or were their
production systems hit by some malware.

~~~
lell
It's possible --- and the customer service manager he was talking to just said
anything to get off the phone, even if it meant lying about something he
didn't understand. Maybe he didn't even realize it would paint his company in
a bad light.

------
tikna
If you think logically, why would they even do that? What can they get out of
logged data? Can you give me the answer?

I think you are exaggerating this thing too much.

~~~
bbommarito
Let me pull on a conspiracy theorist's hat here, and give one possible reason:

When you purchase a laptop, at least in my experience, it records the serial
number of the laptop purchased. Now, generally you don't purchase a laptop in
cash (At least in the states, but that really has to do with overzealous cops
who think anything over a hundred dollars is drug money), you use a
credit/check card. What this means is at checkout they have an address, and
name (From the card) and a serial number.

You go home, and type away, log in to Facebook, do whatever you normally do,
all the while keylogger is running away in the background. NSA walks over to
Samsung and says "Hey, can we get those keylogger results? Great, here's your
million dollars", takes those, then sees that John Doe is searching for poison
on Google. They run off, and arrest him.

Basically, that information would be NSA's wet dream.

Is this true? Probably not, but it's one possible motive.

------
jpablo
This in no way compares to the Sony Rootkit fiasco. Even if the keylogger is
still there I'll hardly doubt that Samsung installed it on purpose.

~~~
Tyrannosaurs
It's an interesting one.

If it was Samsung's responsibility (big if at this stage obviously) then I'd
actually be more scared if they didn't install it on purpose.

I get that large corporations intentionally do bad things for money but I kind
of assume that they're competent enough that they don't _accidentally_ let
their master install for a new laptop get infected with a key logger. I'm not
saying that I believe them to be completely competent, just that the level of
cock ups I expect from them doesn't run to this.

For me if they did install it accidentally then that's worse than them
installing it deliberately for some ill considered audit or support purpose.

~~~
jpr
> I kind of assume that they're competent

"Never attribute to malice that which is adequately explained by stupidity."

~~~
Tyrannosaurs
Possibly I should be clearer.

I assume them to be broadly technically competent in so much as they won't let
their master install get infected with a key logger.

I'm happy to accept that they may be incompetent when it comes to making
decisions about whether it would be a good idea to install a key logger for
support or audit purposes.

------
tikna
I am trying to find "Mohamed Hassan" on Internet. Now there is a doubt in my
mind that he is even a real person?

------
bigohms
Does this mean a Samsung exec will get some jail time just like the Utah
University student who did the same thing and changed his grades?

<http://findarticles.com/p/articles/mi_qn4188/is_20070107/ai_n17107665/>

------
Derbasti
Well, if this turns out to be true, no more Samsung in my family.

------
azal
It sucks when companies start to impose crapware on consumers and defend it as
useful.

