
Man Accuses Samsung of Keylogger; Got It Wrong

Source: JGC Blog | 35 comments

Oops.

A security researcher believed he had discovered that Samsung was installing keyloggers on its laptop models. This is a serious claim, as the unauthorized installation of a spying tool such as a keylogger is a huge breach of privacy.

The findings came from Mohamed Hassan, MSIA, CISSP, CISA, who graduated from the Master of Science in Information Assurance (MSIA) program at Norwich University in 2009. Hassan is also the founder of NetSec Consulting Corp, an information security consulting company. He is also a senior IT security consultant and an adjunct professor of Information Systems in the School of Business at the University of Phoenix.

Hassan was setting up a Samsung R525 laptop when he ran a scan using VIPRE, which detected the keylogging software StarLogger. Hassan later got another Samsung laptop, this time a different model, the R540. On it, VIPRE reported the same finding, identifying the offending files in c:\windows\SL.

Despite it being a rather obvious place to hide a keylogger, Hassan believed in the results. He wrote to Network World, "The findings are false positive-proof since I have used the tool that discovered it for six years now and I am yet to see it misidentify an item throughout the years."

Network World reported Hassan's findings in full, which spurred Samsung into action to get to the bottom of things. It turns out, however, that Hassan was wrong.

The directory path c:\windows\SL wasn't for StarLogger at all; it was for the Windows Live Essentials language pack for Slovenski. All it took to fool VIPRE into reporting StarLogger was the presence of the directory; the language files did not even need to be installed.

Samsung found this out through its internal research, and the makers of VIPRE further confirmed that this was indeed a false positive.
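
The false positive described above, reproduced as an added example (not from the original article and not VIPRE's actual logic): a rule that keys on the directory path alone fires on an empty folder and on a language pack, while a rule that requires a file-hash match does not. The file names, sample bytes and hash set are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Directory the article says triggered the alert, relative to a scan root.
SUSPECT_DIR = Path("windows") / "SL"
# Constructed stand-in for a known-bad file; NOT a real StarLogger hash.
BAD_SAMPLE = b"constructed-keylogger-sample"
KNOWN_BAD_SHA256 = {hashlib.sha256(BAD_SAMPLE).hexdigest()}


def path_only_rule(root: Path) -> bool:
    """Alert on the directory's existence alone (the failure described above)."""
    return (root / SUSPECT_DIR).is_dir()


def corroborated_rule(root: Path) -> list[str]:
    """Return names of files under the directory whose hash is known bad."""
    target = root / SUSPECT_DIR
    if not target.is_dir():
        return []
    return sorted(
        f.name for f in target.rglob("*")
        if f.is_file()
        and hashlib.sha256(f.read_bytes()).hexdigest() in KNOWN_BAD_SHA256
    )


def build_case(root: Path, kind: str) -> None:
    """Create a constructed test tree: 'empty', 'language_pack' or 'infected'."""
    target = root / SUSPECT_DIR
    target.mkdir(parents=True)
    if kind == "language_pack":
        (target / "strings.ini").write_text("lang=sl\n")  # constructed file
    elif kind == "infected":
        (target / "payload.bin").write_bytes(BAD_SAMPLE)  # constructed file


def triage() -> dict[str, tuple[bool, list[str]]]:
    """Run both rules over each constructed case and collect the verdicts."""
    results = {}
    for kind in ("empty", "language_pack", "infected"):
        with tempfile.TemporaryDirectory() as tmp:
            root = Path(tmp)
            build_case(root, kind)
            results[kind] = (path_only_rule(root), corroborated_rule(root))
    return results
```

Calling `triage()` returns, per case, the path-only verdict next to the list of hash-matched files, so the empty and language-pack cases show the path-only alert with no corroborating file.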

35 Comments
  • 6
    alikum, April 1, 2011 5:00 AM
    LOL. A man trying to gain fame without proper analysis! Shame on you! You call yourself a security expert? Relying on only 1 tool and not verifying your claims???? Dude, you sure are one heck of an expert!
  • 2
    Anonymous, April 1, 2011 5:02 AM
    Wow, I work in the IT Industry and it's pretty damn easy to differentiate between spyware and a freaking language pack. I mean, what, did he think the directory had Microsoft published INIs as a trick? At the very least he didn't think of running multiple anti-virus programs? And no, keyloggers aren't "virtually undetectable": the areas of the registry where StarLogger sets itself to start are pretty well known and if a Security Consultant doesn't know HKCU/Software/Microsoft/Windows/CurrentVersion/Run by heart then that's just sad.
  • 3
    okibrian, April 1, 2011 5:44 AM
    Yeah, he gained fame alright...but I don't think it's a good thing here. Who is going to look to NetSec Consulting Corp for security consulting now?
  • 2
    wannaturnuptheheat, April 1, 2011 5:56 AM
    Biggest oops in recent tech history, I tell you what...
  • 6
    goatsetung, April 1, 2011 5:57 AM
    Whooops..... eh, yea.... nevermind guys, I uh.... nevermind. Hey look over there!
  • 3
    ko888, April 1, 2011 5:58 AM
    Notoriety is earned.

    Making the claim "The findings are false positive-proof since I have used the tool that discovered it for six years now and I am yet to see it misidentify an item throughout the years." goes to show that he is a fool and it's inexcusable.

    There's no such thing as a defect free antivirus application. Vipre isn't even in the top ten.
  • -1
    nebun, April 1, 2011 5:59 AM
    take a look at his name, lol...how did he get all those certifications?
  • 2
    heycarnut, April 1, 2011 6:09 AM
    Here in the Silicon Valley, anyone that puts a string of 'certificates' after their name in print is laughed at: bozo factor is nearly certain.

    QED

    An Adjunct Professor at UoP? Isn't that like Jr. Custodian at Wendy's? Is that 'school' even accredited?

    In any case, I hope NW salvages what is left of their reputation by having this neophyte, and his cohort, walk the plank. Any customer of his company should RUN not walk, to the competition.
  • 3
    nebun, April 1, 2011 6:17 AM
    heycarnut: Here in the Silicon Valley, anyone that puts a string of 'certificates' after their name in print is laughed at: bozo factor is nearly certain. QED An Adjunct Professor at UoP? Isn't that like Jr. Custodian at Wendy's? Is that 'school' even accredited? In any case, I hope NW salvages what is left of their reputation by having this neophyte, and his cohort, walk the plank. Any customer of his company should RUN not walk, to the competition.

    I very much agree with you on this one
  • 1
    killerclick, April 1, 2011 7:33 AM
    You idiots already forgot about HBGary?
  • 1
    eddieroolz, April 1, 2011 11:02 AM
    Language Pack. Ouch...
  • 1
    back_by_demand, April 1, 2011 11:27 AM
    If you rearrange the letters after his name it spells
    "Epic fail loser"
    Give or take a few letters
  • -2
    Tedders, April 1, 2011 12:30 PM
    ko888: Notoriety is earned. Making the claim "The findings are false positive-proof since I have used the tool that discovered it for six years now and I am yet to see it misidentify an item throughout the years." goes to show that he is a fool and it's inexcusable. There's no such thing as a defect free antivirus application. Vipre isn't even in the top ten.

    Vipre is one of the best antivirus and antispyware programs on the market. It is not a free application and it's worth the money especially in a business environment that is dominated by terrible products like SEP11 and McAfee.
  • -2
    bv90andy, April 1, 2011 12:40 PM
    what an ace! I hope he got fired
  • 2
    shadowamazon, April 1, 2011 1:32 PM
    University of Phoenix? what do you expect?
  • 1
    tommysch, April 1, 2011 2:40 PM
    U of Phoenix... ROFL. They don't use VirusTotal it seems.
  • 1
    ProDigit10, April 1, 2011 2:47 PM
    Bwahahaa!
    And they need to have a masters degree for that?

    He probably was hoping to win a case, without knowing they would see if they could verify these findings?
  • 1
    of the way, April 1, 2011 2:50 PM
    ...someone needs a different line of work.
  • 1
    Anonymous, April 1, 2011 2:54 PM
    So, because the tool has never been wrong in his experience before, it can't possibly be wrong now and he blindly trusts it without doing ANY other research?

    IMHO: What a complete utter moron and fool.

  • 1
    chick0n, April 1, 2011 3:27 PM
    This guy is getting paid how much every year to spread "bs" again?

    so much for being an "expert"