FORUMS
Remove All Ads from XDA

Samsung and keyloggers

97 posts
Thanks Meter: 0
 
By gigadigit, Member on 31st March 2011, 08:21 AM
Post Reply Email Thread
I read on the Tech blogs that Samsung put keyloggers on their notebook computers.

I am wondering, do they do that on their tablets too?
31st March 2011, 12:48 PM |#2  
mbazdell's Avatar
Senior Member
Flag Ottawa
Thanks Meter: 9
 
More
Read more. Samsung has already explained how it's false.
31st March 2011, 02:05 PM |#3  
Junior Member
Thanks Meter: 0
 
More
Quote:
Originally Posted by mbazdell

Read more. Samsung has already explained how it's false.

The admitted doing it...... Check slashdot...


-Sno
31st March 2011, 03:08 PM |#4  
Senior Member
Flag Ealing
Thanks Meter: 386
 
More
Quote:
Originally Posted by Snocrash7

The admitted doing it...... Check slashdot...


-Sno


No, the guy who made the allegations *claims* that they admitted it.

It has since been shown to be false!

Regards,

Dave
1st April 2011, 08:07 AM |#5  
fragdagain's Avatar
Junior Member
Flag Richmond
Thanks Meter: 0
 
More
So some "independent" security consultant runs his software to see about spyware or whatever, gets a false positive, news runs rampant and then Samsung gets an independent body to buy product from a retailer and test. The independent body confirms it is a false positive but I don't see any "breaking news" with apologies.

That pisses me off.
1st April 2011, 08:16 AM |#6  
Senior Member
Flag Ealing
Thanks Meter: 386
 
More
Quote:
Originally Posted by fragdagain

So some "independent" security consultant

This "so called" consultant ran an off the shelf virus checker, known to produce a false positive, and published his "results" without even a modicum of research into the cause.

He looks incredibly retarded and incompetant now, and I can't see why anyone would ever again utilize his services.

Regards,

Dave
1st April 2011, 10:36 AM |#7  
DarkPal's Avatar
Senior Member
Flag Victoria
Thanks Meter: 342
 
Donate to Me
More
well samsung might not be putting keyloggers. But they sure install rootkits for drm purposes (i have known that since i first got my samsung mp3 and installed media studio as a syncing program).

Dont believe me? Open your kies folder or program files folder on your hard drive. You will find it. Its called content safer.

As our great spacemoose dev said why does samsung have to do everything in backwards ass possible.
1st April 2011, 10:45 AM |#8  
Senior Member
Flag Ealing
Thanks Meter: 386
 
More
Quote:
Originally Posted by DarkPal

Dont believe me? Open your kies folder or program files folder on your hard drive. You will find it. Its called content safer.

I don't have such a folder, but the existence of a folder doesn't imply the existence of a rootkit. I've tried googling "samsung kies rootkit" and found nothing.

Regards,

Dave
1st April 2011, 10:58 AM |#9  
DarkPal's Avatar
Senior Member
Flag Victoria
Thanks Meter: 342
 
Donate to Me
More
Its there. Contentsafer folder search it and google. A nosy intrusive piece of software. Search program x86 folder. Came with kies.

www.bleepingcomputer.com/forums/topic77076.html
1st April 2011, 11:46 AM |#10  
Senior Member
Flag Ealing
Thanks Meter: 386
 
More
Quote:
Originally Posted by DarkPal

Its there. Contentsafer folder search it and google. A nosy intrusive piece of software. Search program x86 folder. Came with kies.

www.bleepingcomputer.com/forums/topic77076.html

OK, I have it under "C:\Program Files (x86)\MarkAny\ContentSafer".

However, I wouldn't exactly call it a rootkit - it's just installed as part of the Kies installation, doesn't try to hide itself and when you remove Kies it is uninstalled.

To me, that doesn't meet the definition of a rootkit.

Regards,

Dave
17th February 2013, 02:05 AM |#11  
Junior Member
Thanks Meter: 2
 
More
Thumbs down I hate this malware bundled in Samsung softwares
Quote:
Originally Posted by foxmeister

OK, I have it under "C:\Program Files (x86)\MarkAny\ContentSafer".

However, I wouldn't exactly call it a rootkit - it's just installed as part of the Kies installation, doesn't try to hide itself and when you remove Kies it is uninstalled.

To me, that doesn't meet the definition of a rootkit.

Regards,

Dave

I can now confirm that this is effectively acting as a rootkit. I noted that this malware was actually monitoring ALL your media files that are in some known formats (MPEG, OGG... and even JPEG images), in order to MODIFY them on the fly, storing a personnally identifiable tracking ID in them, within some obscure extension subtags permitted in these formats.

MarkAny describes this process as "watermarking". This behaves like a rootkit because once the malware is running, it then attempts to HIDE this watermark to the normal OS I/O operations, in order for these files to appears as if they were still clean of any alternation.

BUT....

This watermarking process not only has a very intrusive effect (no this is not a keylogger process, but a process that will report to some internet server in Korea all media files that contain any other watermark inserted by "MarkAny ContentSAFER" from another PC/user. The watermark is personnally identifiable because MarkAny ContentSafer is installed SILENTLY as a REQUIRED bundle with other softwares requiring an online registration (for example when installing Samsung Kies, you need to register an account at Samsung, and this registration includes this personal data which is sent SILENTLY to MarkAny to associate your generated UUID which will be stored in YOUR media files, with YOUR identity).

Later, if ever you use a media shared LEGALLY on your local network (suppose you have several PCs including for backups, or several virtual OS installations) and you play the shared media file, as it will not match your current personal UUID in the currently running instance of "MarkAny Content SAFER", the two UUIDs will be sent and compared online (as soon as you get an internet connection), to track how you use that media file. In addition, the existing remote watermark will be replaced by the new one (or added) in your media file.

And here comes the effect of the ROOTKIT ! This silent modification of your mediafiles is completely stupid. It effectively alter these files even if they are in fact NOT true media files.

One bad effect: you legally download a new ISO for installing Windows, and want to copy the content of tyhe mounted ISO to an USB key in order to install a PC. The installer will FAIL (missing or corrupted files), just because it runs WITHOUT the MarkAny rootkit being active to restore the expected content that the OS should see.

I had a lot of troubles just trying to figure out why all my attempts to create a bootable USB key for installing Windows on another PC constantly failed (the USB key refused to boot), until I cleaned my PC from this spyware BEFORE attempting to create the USB key (no my ISO download was NOT corrupted, but all files copied from the ISO to the USB key were immediately corrupted on the fly by this malware during the copy, if I was not connected to the Internet when creating the USB key as the watermarks supposed to be there temporarily were not in fact removed before they were checked online with the spying Korean server).

Such silent modification of media files is stupid, it breaks applications and it adds supplementary trafic to the internet each time a media file is checked (and reported to companies trying to track illegal copies, even if YOUR copies are perfectly legit).

Blame Samsung from installing this component silently (now it is no longer installed in a separate program, but directly within the installation of Kies, and it is extremely difficult to remove from there, and if it's not running, Kies will not even recognize correctly your Samsung Smartphone (and you won't be able to perform a legal firmware update to the current version for your Samsung smartphone or tablet).

I cannot understand why antimalwares do not classify this "MarkAny ContenSAFER" software as a real rootkit, it is really one because it silently modify your files, corrupts them, and logs to Korea any new media files you would have even created yourself, sending some extracts of them on request from the Korean server, so that they can check what it is. MarkAny is effectively monitoring ALL your media files (and this is also a severe privacy breach).

We should campaign immediately against Samsung for delivering MarkAny contentSafer and installing it WITHOUT your permission and for spying on every media files you use (MarkAny contentSAFER is effectively running as a DLL linked to ALL applications that start, and it will activate itself if it detects this is a known media player, including the basic Media player built in Windows with the Sound applet when you logon and a sound is played, or when your PC just wants to play a "beep" sound with the associated sound file (visibly, MarkANY ContentSAFER is silently modifying a LOT of media formats, including MP3, WMA, WMV, RA, Flash video, MPEG4, and even the most basic WAV files, if ever its file size or play diuration is above some threshold; it also alters your own JPEG photos or videoa taken with your OWN cameran, and ALL photos and videos taken with YOUR Smasung smartphone or tablet, as soon as you synchronize them to your PC, and sometimes this causes the modified media file to be corrupted and unplayable or showing some extra "garbage" pixels along the image borders) !

You can easily detect that the media files are corrupted if you start Windows in safe mode, and attempt to compute their checksum with a strong secure hash algorithm (at least MD5 or SHA1) : they no longer match the data signatures you find when running Windows in normal mode, even if their filesize is apparently unchanged.

We cannot tolerate silent watermarking of media files (notably when their security is asserted, for example for default sound files that are part of the standard Windows distribution and which are digitally signed by Microsoft, but that Markany sometimes will alter as well, when it should NEVER modify any media file which is already digitically signed : it's not the job of Samsung to verify the authentificty of Windows components, only Microsoft has a right to do that to check "genuine" Windows installations).

Let's ban MarkAny, it is a malware, causing system corruptions, and a spyware, and a software which also has its own bugs (causing other programs to hang, and even some system drivers to fail and Windows stopping with BSOD, for example when performing system backups, because it also corrupts some SCSI commands needed to control I/O access to your drives within filesystem drivers like NTFS).

I hate those illegal spiers.
The Following User Says Thank You to verdy_p For This Useful Post: [ View ] Gift verdy_p Ad-Free
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes