Worried about computer repair technicians stealing your data and photos? You should be, the study finds out

Image: Getty

A study by Canadian computer scientists has found that technicians at electronics repair shops often take a look at customers’ private data and sometimes copy it too.

While many computer and smartphone owners worry about the vulnerability of their data when taking a device in for repair, this research aimed to find out how common spying is on service providers. big and small repair.

As spotted by Ars Technica, researchers at the School of Computer Science at the University of Guelph in Canada report their findings in a new paper, suggesting that it’s quite common for repair technicians to blur out customers’ private data.

The researchers also found that most electronics repair service providers do not have a privacy policy or protocols to protect customers from technicians who wipe their device data and also default to asking for operating system credentials when not are necessary for repairs.

To do this, the researchers left six freshly purchased Windows 10 laptops for repair, with the audio unit disabled to create the impression that there was a problem that needed to be fixed. Then, after the devices were fixed and returned, the researchers analyzed device logs to see if there were any privacy violations that occurred during the repair.

They took the six laptops to 16 small regional and national repair service providers between October and December 2021. Three devices were set up with a male person and three with a female person. They recruited three male and three female experimenters to leave the devices for repair.

The researchers found that technicians at six of the 16 providers scrutinized customer data, while technicians at two providers copied data to external devices.

Of the six sites where the spying occurred, three disposed of evidence, while one did so in a way to avoid generating evidence.

The researchers chose the audio issue to fix because of its ease of repair and the fact that it did not require access to user files to repair, unlike malware removal. Investigators found that a technician at a national provider accessed revealing images of a female experimenter. At regional service providers, there was a breach of privacy against male and female experimenters where revealing documents, pictures and images were accessed. A male experimenter’s browser history was viewed by a technician, and revealing images were compressed and transferred to an external storage device.

For local service providers, they found that one technician had accessed the browser history of a male experimenter, while a technician in this group accessed the revealing documents, pictures, and images of the female experimenter, and of copying a file that contained passwords and revealing images to an external file. device

Additionally, technicians from three service providers deleted items in Windows’ “Quick Access” or “Recently Accessed Files” list. In another case, the technician enlarged the thumbnails to leave no trace of the file being accessed.

The electronics repair industry offers economic and environmental benefits, Khan and other researchers write in the paper. “However, there is a great need to measure current privacy practices in the industry, understand customer perspectives, and create effective controls that protect customer privacy.”

Leave a Comment

Your email address will not be published. Required fields are marked *