Man Accuses Samsung of Keylogger; Got It Wrong

A security researcher believes that he discovered Samsung having installed keyloggers in its laptop models. This is a serious claim, as unauthorized installation of spying tools such as a keylogger is a huge breach of privacy.

The findings came from Mohamed Hassan, MSIA, CISSP, CISA graduated from the Master of Science in Information Assurance (MSIA) program from Norwich University in 2009. Hassan is also the founder of NetSec Consulting Corp, an information security consulting company. At the same time, he is a senior IT Security consultant and an adjunct professor of Information Systems in the School of Business at the University of Phoenix.

Hassan was setting up a Samsung R525 laptop and he ran a scan using VIPRE, which detected the keylogging software StarLogger. Hassan later got another Samsung laptop, this time a different model – the R540. In it he found the same finding from VIPRE, which identified the offending files in c:\windows\SL.

Despite it being a rather obvious place to hide a keylogger, Hassan believed in the results. He wrote to Network World, "The findings are false positive-proof since I have used the tool that discovered it for six years now and I am yet to see it misidentify an item throughout the years."

Network World reported Hassan's findings in full, which sprung Samsung into full action mode to get to the bottom of things. It turns out, however, that Hassan was wrong.

The directory path c:\windows\SL wasn't for StarLogger at all; it was for Windows Live Essentials language pack for Slovenski. All it took to fool VIPRE into reporting the presence of StarLogger was the presence of the directory – not even needing the language files installed.

Samsung found this out through its internal research; and the makers of VIPRE further confirmed at this was indeed a false-positive.

Create a new thread in the US News comments forum about this subject
This thread is closed for comments
35 comments
    Your comment
  • alikum
    LOL. A man trying to gain fame without proper analysis! Shame on you! You call yourself a security expert? Relying on only 1 tool and not verify your claims???? Dude, you sure are one heck of an expert!
    6
  • Anonymous
    Wow, I work in the IT Industry and it's pretty damn easy to differentiate between spyware and a freaking language pack. I mean, what, did he think the directory had Microsoft published INIs as a trick? At the very least he didn't think of running multiple anti-virus programs? And no, keyloggers aren't "virtually undetectable": the areas of the registry where StarLogger sets it's self to start are pretty well known and if a Security Consultant doesn't know HKCU/Software/Microsoft/Windows/CurrentVersion/Run by heart then that's just sad.
    2
  • okibrian
    Yeah, he gained fame alright...but I don't think it's a good thing here. How is going to look to NetSec Consulting Corp for security consulting now?
    3