According to a study by Canadian IT professionals, technicians in electronics repair shops often sneak a peek at customers’ private data and sometimes copy it.
While many PC and smartphone owners worry about the vulnerability of their data when taking their device to a repairer, this study aimed to find out how common spying is among service providers large and small. of repair.
As Ars Technica reports, researchers from the School of Computing at the University of Guelph, Canada, have presented their findings in a new paper, suggesting that it’s quite common for repair technicians to snoop around in private customer data.
The researchers also found that most electronics repair service providers do not have privacy policies or protocols to prevent technicians from snooping on their devices’ data, and that they prompt for operating system credentials by default, even when they are not needed for repairs.
Experience in real conditions
For the purposes of the investigation, researchers dropped off six recently purchased Windows 10 laptops for repair. The audio player had previously been disabled, to make it look like there was a problem that needed fixing. Then, after the devices were repaired and returned, the researchers analyzed the device logs to see if any privacy breaches might have occurred during the repair.
The six laptops were taken to 16 small regional and national repair service providers between October and December 2021. Three devices were configured with a male character and three with a female character. The researchers thus recruited three male experimenters and three female experimenters to deposit the devices for repair.
After analyzing the returned devices, they found that the technicians of six of the 16 providers snooped in the data of these “customers”. Technicians from two providers even copied data to external devices.
Of the six sites where the spying took place, three removed the evidence, while the last did so in a way that avoided generating evidence.
Protect customer privacy
The researchers chose to invent an audio problem because it involves ease of repair, and especially because the latter does not require access to user files – unlike a problem related to the removal of malware for example.
In the end, several technicians consulted the sensitive photos stored on the PCs, for both male and female profiles. Some technicians also consulted other documents. One of them even recovered sensitive photos to transfer them to an external storage device.
To avoid leaving a trace, technicians from three service providers erased items in Windows’ “Quick Access” or “Recently Accessed Files” list. In another case, the technician zoomed in on the thumbnails so that it could not be determined that he accessed the file.
Having your electronic devices repaired has economic and environmental benefits, the researchers point out in their article. “However, there is a strong need to measure current privacy practices in the industry, understand the perspective of customers, and put in place effective controls that protect their privacy. »
Source: ZDNet.com