Thinking of taking your computer to the repair shop? Be very scared
Thinking of taking your computer to the repair shop? Be very scared
Expand
Getty Images
If you've ever worried about the privacy of your sensitive data when seeking a computer or phone repair, new research suggests you have good reason. He found that privacy breaches happened at least 50% of the time, which is not surprising, with female customers being the most affected.
Researchers at the University of Guelph in Ontario, Canada, have recovered laptop computer logs after being repaired overnight in 12 commercial shops. Logs showed that technicians at six of the sites had accessed personal data, and two of those stores had also copied data to a personal device. Female-owned devices were more likely to be spied on, and this snooping tended to seek out more sensitive data, including sexual and non-sexual photos, documents, and financial information.
Soufflé
"We were blown away by the results," Hassan Khan, one of the researchers, said in an interview. Of particular concern was the copying of data, which occurred during repairs for one from a male customer and the other from a female, he said. "We thought they would at most look at [the data]."
The number of eavesdroppings may actually have been higher than recorded in the study, which was conducted from October to December 2021. In total, the researchers took the laptops to 16 stores across the greater Ontario region. Logs on devices for two of these visits were not recoverable. Two of the repairs were carried out on site and in the presence of the customer, so the technician did not have the possibility of surreptitiously consulting personal data.
In three cases, Windows Quick Access or recently accessed files were deleted in what researchers suspect was an attempt by the nosy tech to cover their tracks. As noted earlier, two of the visits rendered the logs the researchers relied on unrecoverable. In one, the researcher explained that he had installed antivirus software and performed disk cleanup to "remove multiple viruses on the device." The researchers received no explanation in the other case.
Here is a breakdown of the six visits that resulted in the spying:
Enlarge
This, Stegman, Khan
Laptops were freshly imaged Windows 10 laptops. All were free of malware and other defects and in full working order with one exception: the audio driver was disabled. The researchers chose this problem because it required only a simple and inexpensive repair, was easy to create, and did not require access to users' personal files.
Half of the laptops were configured to appear as if they belonged to a man and the other half to a woman. All laptops were configured with email and game accounts and populated with browser history over several weeks. The researchers added documents, both sexually revealing and non-sexual images, and a cryptocurrency wallet with identifying information.
The researchers also configured the laptops to run a custom logging application that used the Windows Steps Recorder utility in the background. The utility captured the screen with every mouse click and recorded every key pressed by the user. The researchers also enabled the Windows Audit Policy to log access to any file on the device.
Researchers then took the laptops to two national, two regional and four local outlets. Half of the customers were men and the other half were women.
If you've ever worried about the privacy of your sensitive data when seeking a computer or phone repair, new research suggests you have good reason. He found that privacy breaches happened at least 50% of the time, which is not surprising, with female customers being the most affected.
Researchers at the University of Guelph in Ontario, Canada, have recovered laptop computer logs after being repaired overnight in 12 commercial shops. Logs showed that technicians at six of the sites had accessed personal data, and two of those stores had also copied data to a personal device. Female-owned devices were more likely to be spied on, and this snooping tended to seek out more sensitive data, including sexual and non-sexual photos, documents, and financial information.
Soufflé
"We were blown away by the results," Hassan Khan, one of the researchers, said in an interview. Of particular concern was the copying of data, which occurred during repairs for one from a male customer and the other from a female, he said. "We thought they would at most look at [the data]."
The number of eavesdroppings may actually have been higher than recorded in the study, which was conducted from October to December 2021. In total, the researchers took the laptops to 16 stores across the greater Ontario region. Logs on devices for two of these visits were not recoverable. Two of the repairs were carried out on site and in the presence of the customer, so the technician did not have the possibility of surreptitiously consulting personal data.
In three cases, Windows Quick Access or recently accessed files were deleted in what researchers suspect was an attempt by the nosy tech to cover their tracks. As noted earlier, two of the visits rendered the logs the researchers relied on unrecoverable. In one, the researcher explained that he had installed antivirus software and performed disk cleanup to "remove multiple viruses on the device." The researchers received no explanation in the other case.
Here is a breakdown of the six visits that resulted in the spying:
Enlarge
This, Stegman, Khan
Laptops were freshly imaged Windows 10 laptops. All were free of malware and other defects and in full working order with one exception: the audio driver was disabled. The researchers chose this problem because it required only a simple and inexpensive repair, was easy to create, and did not require access to users' personal files.
Half of the laptops were configured to appear as if they belonged to a man and the other half to a woman. All laptops were configured with email and game accounts and populated with browser history over several weeks. The researchers added documents, both sexually revealing and non-sexual images, and a cryptocurrency wallet with identifying information.
The researchers also configured the laptops to run a custom logging application that used the Windows Steps Recorder utility in the background. The utility captured the screen with every mouse click and recorded every key pressed by the user. The researchers also enabled the Windows Audit Policy to log access to any file on the device.
Researchers then took the laptops to two national, two regional and four local outlets. Half of the customers were men and the other half were women.
Expand
Getty Images
Enlarge
This, Stegman, Khan
![Three of ID's top PR executives quit ad firm Powerhouse [EXCLUSIVE]](https://variety.com/wp-content/uploads/2023/02/ID-PR-Logo.jpg?#){kind=logo}
