A security researcher believes that he discovered Samsung having installed keyloggers in its laptop models. This is a serious claim, as unauthorized installation of spying tools such as a keylogger is a huge breach of privacy.
The findings came from Mohamed Hassan, MSIA, CISSP, CISA graduated from the Master of Science in Information Assurance (MSIA) program from Norwich University in 2009. Hassan is also the founder of NetSec Consulting Corp, an information security consulting company. At the same time, he is a senior IT Security consultant and an adjunct professor of Information Systems in the School of Business at the University of Phoenix.
Hassan was setting up a Samsung R525 laptop and he ran a scan using VIPRE, which detected the keylogging software StarLogger. Hassan later got another Samsung laptop, this time a different model – the R540. In it he found the same finding from VIPRE, which identified the offending files in c:\windows\SL.
Despite it being a rather obvious place to hide a keylogger, Hassan believed in the results. He wrote to Network World, "The findings are false positive-proof since I have used the tool that discovered it for six years now and I am yet to see it misidentify an item throughout the years."
Network World reported Hassan's findings in full, which sprung Samsung into full action mode to get to the bottom of things. It turns out, however, that Hassan was wrong.
The directory path c:\windows\SL wasn't for StarLogger at all; it was for Windows Live Essentials language pack for Slovenski. All it took to fool VIPRE into reporting the presence of StarLogger was the presence of the directory – not even needing the language files installed.
Samsung found this out through its internal research; and the makers of VIPRE further confirmed at this was indeed a false-positive.
