A study by Canadian computer scientists found that technicians at electronics repair shops often spy on, and sometimes even copy, customers’ personal data.
Many PC and smartphone owners worry about how vulnerable their data is when sending their devices in for repair, but this study shows how snooping is common with repair service providers large and small. It is intended to clarify whether
as discovered by Arstecnicaresearchers from the Department of Computer Science, University of Guelph, Canada, report their findings. new paperThis suggests that it is very common for repair technicians to snoop on customers’ personal data.
The researchers also found that most electronics repair service providers don’t have privacy policies or protocols to protect customers from technicians snooping on device data, and by default, if it’s not needed for repairs, I also discovered that it asks for OS credentials.
To do so, the researchers brought in six newly purchased Windows 10 laptops for repair and disabled the audio drives to give the impression that there was an issue that needed fixing. Then, after the device was repaired and returned, the researchers analyzed the device’s logs to see if there were any privacy violations that might have occurred during the repair.
They brought 6 laptops to 16 smaller regional and national repair service providers between October and December 2021. Three devices were configured with a male persona and three with a female persona. They recruited three men and her three female experimenters to bring in the device for repair.
Researchers found that 6 out of 16 providers had technicians snooping on customer data, and 2 provider technicians copied data to external devices.
Of the six locations where snooping occurred, three removed evidence and one did so in a way that avoided generating evidence.
Researchers decided to fix the audio issue because it is easier to repair and unlike malware removal, it does not require access to user files to repair. Researchers found that a technician at one national provider had access to revealing photographs of female experimenters. At her provider of regional services, there was an invasion of privacy for male and female experimenters, and documents, photographs, and exposure photographs were accessed. The male experimenter’s browser history was viewed by a technician, and any apparent photographs were compressed and transferred to external storage.
For a local service provider, one technician has access to one male experimenter’s browser history, and this group of technicians has access to the female experimenter’s documents, photos, and exposure photos, including passwords and exposure photos. I discovered that I had copied the file externally. device.
In addition, technicians from three service providers cleared items in the Windows “Quick Access” list or “Recently Accessed Files”. In another example, a technician enlarged a thumbnail to leave no trace of a file being accessed.
Khan and fellow researchers write in a paper that the electronics repair industry offers economic and environmental benefits. “However, there is an urgent need to measure current privacy practices in the industry, understand customer perspectives, and build effective controls to protect customer privacy.”