I read on the Tech blogs that Samsung put keyloggers on their notebook computers.
I am wondering, do they do that on their tablets too?
Read more. Samsung has already explained how it's false.
mbazdell said:
Read more. Samsung has already explained how it's false.
Click to expand...
Click to collapse
The admitted doing it...... Check slashdot...
-Sno
Snocrash7 said:
The admitted doing it...... Check slashdot...
-Sno
Click to expand...
Click to collapse
No, the guy who made the allegations *claims* that they admitted it.
It has since been shown to be false!
Regards,
Dave
So some "independent" security consultant runs his software to see about spyware or whatever, gets a false positive, news runs rampant and then Samsung gets an independent body to buy product from a retailer and test. The independent body confirms it is a false positive but I don't see any "breaking news" with apologies.
That pisses me off.
fragdagain said:
So some "independent" security consultant
Click to expand...
Click to collapse
This "so called" consultant ran an off the shelf virus checker, known to produce a false positive, and published his "results" without even a modicum of research into the cause.
He looks incredibly retarded and incompetant now, and I can't see why anyone would ever again utilize his services.
Regards,
Dave
well samsung might not be putting keyloggers. But they sure install rootkits for drm purposes (i have known that since i first got my samsung mp3 and installed media studio as a syncing program).
Dont believe me? Open your kies folder or program files folder on your hard drive. You will find it. Its called content safer.
As our great spacemoose dev said why does samsung have to do everything in backwards ass possible.
DarkPal said:
Dont believe me? Open your kies folder or program files folder on your hard drive. You will find it. Its called content safer.
Click to expand...
Click to collapse
I don't have such a folder, but the existence of a folder doesn't imply the existence of a rootkit. I've tried googling "samsung kies rootkit" and found nothing.
Regards,
Dave
Its there. Contentsafer folder search it and google. A nosy intrusive piece of software. Search program x86 folder. Came with kies.
www.bleepingcomputer.com/forums/topic77076.html
DarkPal said:
Its there. Contentsafer folder search it and google. A nosy intrusive piece of software. Search program x86 folder. Came with kies.
www.bleepingcomputer.com/forums/topic77076.html
Click to expand...
Click to collapse
OK, I have it under "C:\Program Files (x86)\MarkAny\ContentSafer".
However, I wouldn't exactly call it a rootkit - it's just installed as part of the Kies installation, doesn't try to hide itself and when you remove Kies it is uninstalled.
To me, that doesn't meet the definition of a rootkit.
Regards,
Dave
I hate this malware bundled in Samsung softwares
foxmeister said:
OK, I have it under "C:\Program Files (x86)\MarkAny\ContentSafer".
However, I wouldn't exactly call it a rootkit - it's just installed as part of the Kies installation, doesn't try to hide itself and when you remove Kies it is uninstalled.
To me, that doesn't meet the definition of a rootkit.
Regards,
Dave
Click to expand...
Click to collapse
I can now confirm that this is effectively acting as a rootkit. I noted that this malware was actually monitoring ALL your media files that are in some known formats (MPEG, OGG... and even JPEG images), in order to MODIFY them on the fly, storing a personnally identifiable tracking ID in them, within some obscure extension subtags permitted in these formats.
MarkAny describes this process as "watermarking". This behaves like a rootkit because once the malware is running, it then attempts to HIDE this watermark to the normal OS I/O operations, in order for these files to appears as if they were still clean of any alternation.
BUT....
This watermarking process not only has a very intrusive effect (no this is not a keylogger process, but a process that will report to some internet server in Korea all media files that contain any other watermark inserted by "MarkAny ContentSAFER" from another PC/user. The watermark is personnally identifiable because MarkAny ContentSafer is installed SILENTLY as a REQUIRED bundle with other softwares requiring an online registration (for example when installing Samsung Kies, you need to register an account at Samsung, and this registration includes this personal data which is sent SILENTLY to MarkAny to associate your generated UUID which will be stored in YOUR media files, with YOUR identity).
Later, if ever you use a media shared LEGALLY on your local network (suppose you have several PCs including for backups, or several virtual OS installations) and you play the shared media file, as it will not match your current personal UUID in the currently running instance of "MarkAny Content SAFER", the two UUIDs will be sent and compared online (as soon as you get an internet connection), to track how you use that media file. In addition, the existing remote watermark will be replaced by the new one (or added) in your media file.
And here comes the effect of the ROOTKIT ! This silent modification of your mediafiles is completely stupid. It effectively alter these files even if they are in fact NOT true media files.
One bad effect: you legally download a new ISO for installing Windows, and want to copy the content of tyhe mounted ISO to an USB key in order to install a PC. The installer will FAIL (missing or corrupted files), just because it runs WITHOUT the MarkAny rootkit being active to restore the expected content that the OS should see.
I had a lot of troubles just trying to figure out why all my attempts to create a bootable USB key for installing Windows on another PC constantly failed (the USB key refused to boot), until I cleaned my PC from this spyware BEFORE attempting to create the USB key (no my ISO download was NOT corrupted, but all files copied from the ISO to the USB key were immediately corrupted on the fly by this malware during the copy, if I was not connected to the Internet when creating the USB key as the watermarks supposed to be there temporarily were not in fact removed before they were checked online with the spying Korean server).
Such silent modification of media files is stupid, it breaks applications and it adds supplementary trafic to the internet each time a media file is checked (and reported to companies trying to track illegal copies, even if YOUR copies are perfectly legit).
Blame Samsung from installing this component silently (now it is no longer installed in a separate program, but directly within the installation of Kies, and it is extremely difficult to remove from there, and if it's not running, Kies will not even recognize correctly your Samsung Smartphone (and you won't be able to perform a legal firmware update to the current version for your Samsung smartphone or tablet).
I cannot understand why antimalwares do not classify this "MarkAny ContenSAFER" software as a real rootkit, it is really one because it silently modify your files, corrupts them, and logs to Korea any new media files you would have even created yourself, sending some extracts of them on request from the Korean server, so that they can check what it is. MarkAny is effectively monitoring ALL your media files (and this is also a severe privacy breach).
We should campaign immediately against Samsung for delivering MarkAny contentSafer and installing it WITHOUT your permission and for spying on every media files you use (MarkAny contentSAFER is effectively running as a DLL linked to ALL applications that start, and it will activate itself if it detects this is a known media player, including the basic Media player built in Windows with the Sound applet when you logon and a sound is played, or when your PC just wants to play a "beep" sound with the associated sound file (visibly, MarkANY ContentSAFER is silently modifying a LOT of media formats, including MP3, WMA, WMV, RA, Flash video, MPEG4, and even the most basic WAV files, if ever its file size or play diuration is above some threshold; it also alters your own JPEG photos or videoa taken with your OWN cameran, and ALL photos and videos taken with YOUR Smasung smartphone or tablet, as soon as you synchronize them to your PC, and sometimes this causes the modified media file to be corrupted and unplayable or showing some extra "garbage" pixels along the image borders) !
You can easily detect that the media files are corrupted if you start Windows in safe mode, and attempt to compute their checksum with a strong secure hash algorithm (at least MD5 or SHA1) : they no longer match the data signatures you find when running Windows in normal mode, even if their filesize is apparently unchanged.
We cannot tolerate silent watermarking of media files (notably when their security is asserted, for example for default sound files that are part of the standard Windows distribution and which are digitally signed by Microsoft, but that Markany sometimes will alter as well, when it should NEVER modify any media file which is already digitically signed : it's not the job of Samsung to verify the authentificty of Windows components, only Microsoft has a right to do that to check "genuine" Windows installations).
Let's ban MarkAny, it is a malware, causing system corruptions, and a spyware, and a software which also has its own bugs (causing other programs to hang, and even some system drivers to fail and Windows stopping with BSOD, for example when performing system backups, because it also corrupts some SCSI commands needed to control I/O access to your drives within filesystem drivers like NTFS).
I hate those illegal spiers.
Thanks!
verdy_p said:
I can now confirm that this is effectively acting as a rootkit. I noted that this malware was actually monitoring ALL your media files that are in some known formats (MPEG, OGG... and even JPEG images), in order to MODIFY them on the fly, storing a personnally identifiable tracking ID in them, within some obscure extension subtags permitted in these formats.........
Click to expand...
Click to collapse
Thanks for the full explanation, verdy_p. Much appreciated:good:
---------- Post added at 07:19 PM ---------- Previous post was at 07:13 PM ----------
Found a suggestion on how to remove this. I'm going to try this method - but if anyone can suggest a better way, please describe?
Boot into Safe Mode, Make sure if the program has icon in the System Tray by the clock that is disabled. Use the CCleaner/Tools/Uninstall option to uninstall the program. Once it is completed, boot into Safe Mode again and in CCleaner Search for ContentSafer. Delete any instances of the file. Then do another search for MarkAny. Delete any instances of the file
Click to expand...
Click to collapse
acuxda said:
Thanks for the full explanation, verdy_p. Much appreciated:good:
---------- Post added at 07:19 PM ---------- Previous post was at 07:13 PM ----------
Found a suggestion on how to remove this. I'm going to try this method - but if anyone can suggest a better way, please describe?
Click to expand...
Click to collapse
wow thank you for that explanation. that is pure evil time to boot into safe mode and eradicate this plague.
JeremySeven said:
How to remove mobile spy without losing the data?
Click to expand...
Click to collapse
I have since redone my system and flat out refused to install Kies. you can install the usb drivers separately and not get this spyware installed on your systems. as to removing it once you installed it it's just a matter of booting your desktop/laptop into safemode finding it renaming it and running a reg cleaner like ccleaner. you will however lose the ability to use Kies to install signed firmware updates etc but it's a small price to pay for peace of mind. after all your could always use Odin for flashing. the data is not actually encrypted etc just watermarked so you will not lose access to any files it touched but if you did a bit for bit comparison on them you might see the changes the watermarking did to them in a hex editor. what worry's me most about this spywear is it digitally watermarks every single media file on your computer and talls some random server in god knows what country the checksum in short nasty nasty nasty form a privacy perspective.
so, is it true that they place keylogger in KIES?
fauzanfirefox said:
so, is it true that they place keylogger in KIES?
Click to expand...
Click to collapse
Keylogger no root kit yes.
Sent from my SAMSUNG-SGH-I547 using xda app-developers app
verdy_p said:
I can now confirm that this is effectively acting as a rootkit. I noted that this malware was actually monitoring ALL your media files that are in some known formats (MPEG, OGG... and even JPEG images), in order to MODIFY them on the fly, storing a personnally identifiable tracking ID in them, within some obscure extension subtags permitted in these formats.
MarkAny describes this process as "watermarking". This behaves like a rootkit because once the malware is running, it then attempts to HIDE this watermark to the normal OS I/O operations, in order for these files to appears as if they were still clean of any alternation.
BUT....
This watermarking process not only has a very intrusive effect (no this is not a keylogger process, but a process that will report to some internet server in Korea all media files that contain any other watermark inserted by "MarkAny ContentSAFER" from another PC/user. The watermark is personnally identifiable because MarkAny ContentSafer is installed SILENTLY as a REQUIRED bundle with other softwares requiring an online registration (for example when installing Samsung Kies, you need to register an account at Samsung, and this registration includes this personal data which is sent SILENTLY to MarkAny to associate your generated UUID which will be stored in YOUR media files, with YOUR identity).
Later, if ever you use a media shared LEGALLY on your local network (suppose you have several PCs including for backups, or several virtual OS installations) and you play the shared media file, as it will not match your current personal UUID in the currently running instance of "MarkAny Content SAFER", the two UUIDs will be sent and compared online (as soon as you get an internet connection), to track how you use that media file. In addition, the existing remote watermark will be replaced by the new one (or added) in your media file.
And here comes the effect of the ROOTKIT ! This silent modification of your mediafiles is completely stupid. It effectively alter these files even if they are in fact NOT true media files.
One bad effect: you legally download a new ISO for installing Windows, and want to copy the content of tyhe mounted ISO to an USB key in order to install a PC. The installer will FAIL (missing or corrupted files), just because it runs WITHOUT the MarkAny rootkit being active to restore the expected content that the OS should see.
I had a lot of troubles just trying to figure out why all my attempts to create a bootable USB key for installing Windows on another PC constantly failed (the USB key refused to boot), until I cleaned my PC from this spyware BEFORE attempting to create the USB key (no my ISO download was NOT corrupted, but all files copied from the ISO to the USB key were immediately corrupted on the fly by this malware during the copy, if I was not connected to the Internet when creating the USB key as the watermarks supposed to be there temporarily were not in fact removed before they were checked online with the spying Korean server).
.......
Click to expand...
Click to collapse
Thanks for the information, but can you provide some proof, please? I'm interested in seeing the connection to the server in particular. Do you by chance have a wireshark capture of this?
Hi all,
I have been having problems downloading the
[vB2.9.1 Odexed][CM7 XRON-ified][Super Tweaked][Updated 01/03/2012]
from the link on the OP's post. I keep downloading a 156mb file and it contains three instances of the "trojan.androidos.plangton" virus, as detected by my kaspersky 2012, norton 360 AND MS Security Essentials virus scanners (on different machines and all updated for the latest definitions).
I have attached a screen print of the virus (from kaspersky) on a word doc - forgive me but I am a noob...
I have reverted to the B.2.9.1 01/01/2012 build of the rom and it is all fine, but am just wondering what is going on here?
Anyone else experience this?
Wanderer
Nothing wrong with my Zip.
Norton says its ok
There is a good way to know if Android is really infected but you first need to install it.
Check the processes running (not only the programs !) and if something called AndroidMDKProvider is running you're infected.
Thanks for your response!
I immediately downloaded the file again onto two machines both running kaspersky internet security 2012 and a third with MS Security essentials and yet again i get the response that a virus has been detected - from all 3 machines...
This is all very confusing - I no longer have access to the machine with Norton 360 as my brother has taken it so...
I have emailed kaspersky regarding this issue and await their response. It seems that there does exist a virus with that name (some more googling brought that up) but as to whether this file has it...
Koalala, thanks for your response - do I check from the cm7 settings menu, going into manage applications-> running tab?
I don't mind trying the zip on my TP just for an experiment, i don't have any personal information on it yet...
Thanks
Hello,
I'm just starting my dev journey with WP8 with my new T-Mobile Lumia 520.
First what I need to do is to debrand my lumia - for faster updates. T-Mobile is not offering yet the next release of fw which allows to disable images in IE, and as dev I need to be up-to-date as fast as possible. I need to download the FW, but I don't know which one - localized for sure, but what GDR is? What Amber means? I can't decide which one do I need to download and flash. (http://forum.xda-developers.com/showthread.php?t=2515453 This instruction doesn't show the moment of decision).
Next question is about unlocking. I'm downloading music from Soundcloud via Cloudoh and I want to access them from my PC, same as files located inside of other apps - do I need to unlock the device to do that? For example - how to upload a pdf from PC to winpho pdf reader?
Windows Store allows me to download installable files at PC and install them via SD Card. Some apps aren't supposed to work with my device. Is there any solution how to install them at my risk?
And the last question, but not least - I have my dev account but its time limited and app-count-limited. Is there any way how to check if my Lumia is dev-unlocked, how long this unlock lasts and what is my current app-limit? Just for my information - I like to have the ways to check everything.
Please, help me
GDR = General Distribution Release (a brief web search would have told you this). Microsoft-ese for a post-initial-release update (think of service packs for other MS software). The current version is GDR3, also called Update 3. "Amber" is Nokia's codename for the firmware version that they ship along with GDR2. "Black" is Nokia's firmware name for GDR3. Note that OEM firmware (such as Amber or Black) are different from Microsoft OS updates (such as GDR2 or Update 3), although they are typically delivered together. If you're already on at least GDR2, you can get Update 3 directly from Microsoft without waiting for T-Mobile or Nokia; search the Store for "Preview for Developers".
You cannot access files stored inside an app from anywhere else, either a PC or another app, unless the app explicitly makes them available by including a method to export them. Most apps don't implement this. The only exceptions to this rule are for images (which can be stored in the Pictures Library of the phone, much like the built-in camera app or screenshot functions) and OEM apps, which can have extra permissions (Capabilities, such as ID_CAP_PUBLIC_FOLDER_FULL) that aren't allowed for third-party developers. However, for development apps (that is, ones which were sideloaded to your phone from an unsigned XAP file), you can access their Isolated Storage from your PC using the aptly-named Isolated Storage Explorer Tool (or any other program that implements the required APIs, such as Windows Phone Power Tools).
To upload a PDF to the phone, you can do any number of things. Over USB, copy it to the Documents folder on the phone using any MTP software (Windows Explorer works). Over Bluetooth, just send the file directly. Over email, just attach the PDF. Over the Internet, you can use SkyDrive, or any other "cloud" app, or if it's on a web server you can get it from the phone's browser...
I'm not aware of any work-around for the minimum-memory restriction on some apps. I believe it mostly only applies to large games? In any case, you have one of the lowest-end WP8 devices on the market; there are limits which come with that.
The official way to tell if your phone is dev-unlocked is to use the Windows Phone Developer Registration tool, the same one you use to do the dev-unlock in the first place. A paid developer account always gives a limit of 10 apps (the free one is 2 apps). There's no official way to tell how many apps you have remaining, but it's simple enough to tell if you have any space left; just try sideloading any app that isn't already installed!
GoodDayToDie said:
GDR = General Distribution Release (a brief web search would have told you this).
Click to expand...
Click to collapse
Yeah, I did some sort of search on forums and Google and I haven't found anything.
GoodDayToDie said:
You cannot access files stored inside an app from anywhere else, either a PC or another app
Click to expand...
Click to collapse
After unlock it is still unaccessible? I had to jailbreak my iPad because without jb it is not easy to operate. I thought about something like this for Lumia. I think it is only the need of time for others to omit this problem
Disney offered lastly a promotion for its games. I was interested with some of them, but only one was accessible for my device. xap file needed only 70 mb of space. I think there was a problem with performance, but if I want see a laggy game I should have the ability to install it despite everything.
There's no jailbreak available for Lumia phones yet. Something like that should, indeed, allow accessing the storage of the apps (and everything else) but we don't have one...
The size of the XAP has very little to do with the runtime requirements of the app (RAM and CPU). I have written apps of only a few kilobytes that required over 10 gigs of RAM to run (not a phone app, obviously). To avoid people with low-end phones getting annoying with the platform and thinking it's the fault of either Microsoft or the app developer when an app crashes from running out of RAM, they've prohibited installing high-RAM apps on low-RAM devices.
You mean T-Mobile's Lumia 521 right? There's no other ROM you can flash to it that might have the update.
Hi,
So, Android has a permission system which albeit somewhat flawed (malware can gain permissions not intended for it) and not very suitable for laymen (non rooted phones have to either accept all permissions or be denied from the app. In many programs people don't have the luxury of not using them) theoretically has merit. IOS has...well actually I'm not sure how it works security wise but I pressume it creates sandboxes for each app, layman wise it is reasonable since you (theoretically) can deny access for all programs to certain components (no need to jailbreak).
How does WP works?
Thank you.
Security is different, apps can't do as much as on android. But iOS is better in this, because capabilities are like in Android: you can see what the apps want prior to installing them, but blocking some of them isn't possible.
I am very saddened to hear this.
Is there an ability in place similar to Androids rooting?
Also, what do you mean by "apps can't do as much as on android"?
Thank you!
@th0mas96's post is technically *mostly* accurate but very confusing and doesn't actually answer your question at all.
The short version is that WP apps use a capability-and-sandbox system much like iOS and Android, with each app getting a sandbox that gives it read-only access to the app-specific install directory and the global system directory, read/write access to the app-specific data directory, and access to whatever other stuff is specified in the capabilities. Capabilities are currently all-or-nothing; you can't reject or disable any capability except by just not installing the app.
I could go into the technical implementation of the system a bit, but the short version is that WP8 apps use fairly standard NT (as in the NT kernel that is at the core of PC Windows versions) security features: each app has a unique token (rather than inheriting the token of the process that crated it, the way it normally works on PC but very much like how Windows Store apps work on Win8) which contains the app-specific Security IDentifier (SID) that gives access to the app directories, plus the SIDs of the various capabilities that the app has.
What @th0mas96 was talking about is that WP capabilities usable by third-party developers are much more restrictive than they are on Android. For example, Android allows an app have full read-write access to your contacts or to send SMS directly. WP8 doesn't allow that unless you use capabilities that are normally neither allowed on the store nor allowed in sideloaded apps (Microsoft's code can have them, of course - that's how the built-in SMS app works - but not Joe Random Dev). The downside of this is obvious; some app behaviors (like a full replacement for the SMS app or phone dialer) are not possible. The upside is that apps are *way* more limited in how malicious they can be; the most common way that Android malware makes money (remember, the vast majority of malware is for profit) is by sending SMS to "premium" numbers. On WP8, an app could *compose* such a message, but it couldn't *send* it for you (unless it had a capability that third-party apps normally can't have) so you'd have a chance to see what the app was doing and decide not to send that message after all.
This means that the ability to disable capabilities is much less important on WP8 than on Android.
Oh, then those restrictions are actually good news.
Aside from from your typical run-of-the-mill malware my main concern was actually privacy. I have a huge displeasure from apps like Whatsapp which on android takes a whole plethora of liberties and was hoping that perhaps some other system may contain their user data voracity and their ability to control the divice their on.
Is there any link in which I could see the full list of those restrictions?
I'm still downhearted from not having a more fine grained control of the system but maybe it still has it uses in some scenarios...
Also, thank you very much for your comprehensive explanation!
i found a tiny file stored inside some of the unbranded htc accord RUUs. its call disablewriteprotect.test. the only thing the file contains is a sentence stating write protection will be disabled until this file is removed. followed by a music note and some other symbol. so there you go thats how you make your entire htc 8x read and write. one file less than 1kb in size. ROOT!
but how can we flash this file. im still working on it. this file is located within the efi partition which also houses the ffuloader.efi, and severl other efi executables. check this post http://forum.xda-developers.com/showthread.php?p=53687985#post53687985
you wont find that on google search.
Sent from my Galaxy Nexus using XDA Free mobile app
Window phone Security Issues
Your Windows Phone is secure by design. Many security features are turned on by default. For example, apps you download from the Windows Phone Store are tested by Microsoft and encrypted to make sure you don't accidentally install malicious software on your Windows phone.
Set a password
Setting up Kid's Corner
If you've ever handed your smartphone to a child, you know that they can quickly get into all sorts of apps and settings they shouldn't. No such worries with Kid's Corner, a place on your phone where your child can play with the games, apps, music and videos
Use the free Find My Phone service
Say yes to updates . check out more at Master Software Solutions - Windows Phone Update
grilledcheesesandwich said:
i found a tiny file stored inside some of the unbranded htc accord RUUs. its call disablewriteprotect.test. the only thing the file contains is a sentence stating write protection will be disabled until this file is removed. followed by a music note and some other symbol. so there you go thats how you make your entire htc 8x read and write. one file less than 1kb in size. ROOT!
but how can we flash this file. im still working on it. this file is located within the efi partition which also houses the ffuloader.efi, and severl other efi executables. check this post http://forum.xda-developers.com/showthread.php?p=53687985#post53687985
you wont find that on google search.
Sent from my Galaxy Nexus using XDA Free mobile app
Click to expand...
Click to collapse
Sounds interesting.
Not something I'd try )) but interesting.
Aman Raien said:
Your Windows Phone is secure by design. Many security features are turned on by default. For example, apps you download from the Windows Phone Store are tested by Microsoft and encrypted to make sure you don't accidentally install malicious software on your Windows phone.
Set a password
Setting up Kid's Corner
If you've ever handed your smartphone to a child, you know that they can quickly get into all sorts of apps and settings they shouldn't. No such worries with Kid's Corner, a place on your phone where your child can play with the games, apps, music and videos
Use the free Find My Phone service
Say yes to updates . check out more at Master Software Solutions - Windows Phone Update
Click to expand...
Click to collapse
I pressume this is an advert for Master Software Solutions, but nevertheless I did google the term you suggested and got nil results. I also browsed the main site of the company itself but haven't found anything related, nor did I find anything on their facebook page.
Regardless, I checked out this Kids corner thing, it's cute but not really security related...
Thx anyway.