Computer Repair Technicians Are Stealing Your Data

Laptop technicians routinely violate the privacy of the people whose computers they repair:

Researchers at University of Guelph in Ontario, Canada, recovered logs from laptops after receiving overnight repairs from 12 commercial shops. The logs showed that technicians from six of the locations had accessed personal data and that two of those shops also copied data onto a personal device. Devices belonging to females were more likely to be snooped on, and that snooping tended to seek more sensitive data, including both sexually revealing and non-sexual pictures, documents, and financial information.

[…]

In three cases, Windows Quick Access or Recently Accessed Files had been deleted in what the researchers suspect was an attempt by the snooping technician to cover their tracks. As noted earlier, two of the visits resulted in the logs the researchers relied on being unrecoverable. In one, the researcher explained they had installed antivirus software and performed a disk cleanup to “remove multiple viruses on the device.” The researchers received no explanation in the other case.

[…]

The laptops were freshly imaged Windows 10 laptops. All were free of malware and other defects and in perfect working condition with one exception: the audio driver was disabled. The researchers chose that glitch because it required only a simple and inexpensive repair, was easy to create, and didn’t require access to users’ personal files.

Half of the laptops were configured to appear as if they belonged to a male and the other half to a female. All of the laptops were set up with email and gaming accounts and populated with browser history across several weeks. The researchers added documents, both sexually revealing and non-sexual pictures, and a cryptocurrency wallet with credentials.

A few notes. One, this is a very small study—only twelve laptop repairs. Two, some of the results were inconclusive, which indicated—but did not prove—log tampering by the technicians. Three, this study was done in Canada. There would probably be more snooping by American repair technicians.

The moral isn’t a good one: if you bring your laptop in to be repaired, you should expect the technician to snoop through your hard drive, taking what they want.

Research paper.

Posted on November 28, 2022 at 10:44 AM • 19 Comments

Comments

Clive Robinson November 28, 2022 12:10 PM

@ Bruce,

With regards,

“Laptop technicians routinely violate the privacy of the people whose computers they repair”

All humans are “curious”; those that can “fault find” tend to be way more curious than most, it’s what makes them able to do the job.

What is not mentioned is how old and the sex of the repair technicians.

I’m guessing male and not very old, maybe not even “out of college” age.

Let’s just say I would not be overly surprised if their “morals” were not as advanced as say a father.

Which brings us to,

“Three, this study was done in Canada. There would probably be more snooping by American repair technicians.”

Why would you think that?

Could it be connected to the fact that the US divorce rate for infidelity in the US is alleged to be the highest per capita. Further that the data from “illicit date” web sites, indicate a very high level of marital infidelity / partner cheating in certain classes of US males?

Also “the boys and their toys” issue, suggesting that a higher number of US males do not develop socially much beyond adolescent behaviour?

Or could it be that there is something in the US life style and education that actively promotes those of the “Dark Tetrad” of mental deficiencies?

If I had to bet the price of a cup of tea, it would be towards the last one “life style and education”. The “every man as an island” giving rise to a “Me first” self entitlement is at best asocial if not antisocial and you would expect it to exhibit in a lack of morals towards others in society…

Finley November 28, 2022 12:26 PM

@ Doug,

This is why I always remove disk drive before giving laptop to repair in case of hardware problems.

I thought that was obvious when I did it as a kid, 25 years ago, but non-removable and difficult-to-remove SSDs will make this less practical. One can’t always just press a tab or undo a screw to remove a laptop or phone’s storage device (or battery) anymore. And how easy is it to disable an automatic cloud login if the device won’t turn on? (Ideally, one could log in from another device to do it; I don’t use these services, so I don’t know.)

What’s happening is not “stealing” or “taking” of data, though, and it’s misleading to call it that. If data were stolen, it would be obvious: the owner would find things missing. This is an invasion of privacy and an unauthorized copying of data, and in Canada or Europe could be litigated as such (but not as larceny). The USA should really have a federal privacy law, beyond overly specific ones such as the Video Privacy Protection Act and Health Insurance Portability and Accountability Act that probably won’t apply.

As for clearing logs, recently accessed files, etc., I don’t think that implies anything nefarious. From my point of view, these are privacy-invading features that nobody wanted and most people don’t use, though they have vague worries about this data collection (“In case I die in this mess, clear my browser history” or “destroy my hard drive” has become a trope at this point—yet I’ve never seen anyone actually use browser history other than the “back” button). I have the habit of clearing these things when I find them. Maybe it’s the same for these technicians, or they just don’t want internal URLs or the history of their failed repair attempts recorded. Maybe people have brought devices back and complained about incomplete fixes when errors remained visible in the logs; there are well-known scams using “normal” Windows Event Viewer errors and warnings to scare people.

Simone November 28, 2022 12:32 PM

Dishonest people are just about everywhere, but one should not generalise.
If the technician is serious and does his work professionally, he will never violate customer data.
I think this ‘study’ was done in a very superficial way.

Winter November 28, 2022 1:13 PM

@dough

This is why I always remove disk drive before giving laptop to repair in case of hardware problems.

Then you should use full disk encryption.

In reality, the repair technician will need to boot the computer to see whether it is actually successfully repaired.

I had that problem with a laptop with confidential data. I told them that if they needed to boot the computer from disk, they should simply reformat the disk and reinstall the OS.

Ted November 28, 2022 4:20 PM

It’s pretty cool Bruce. In their paper, the U of Guelph researchers reference your and J. Kelsey’s 1998 work (“Cryptographic Support for Secure Logs on Untrusted Machines”).

That element looks to be a part of their three-pronged call to action. They are encouraging involvement from three stakeholder groups: service providers, device manufacturers/OS developers, and regulatory agencies.

The boots-on-the-ground commentary on the Ars Technica article did little to underplay the “openness” of many repair environments. Yikes.

I was surprised how carefully the researchers themselves undertook this project, particularly the approvals they garnered from their university’s Institutional Review Board (IRB). No technicians were harmed for this research.

vas pup November 28, 2022 6:23 PM

Sorry, link was changed by request I guess of Big Brother.
That link is wrong – I did not double check it before posting.
Those 3 minutes were about FBI whistleblower statement about US version of Pegasus named Phantom developed by technical unit of FBI by modifying Pegasus as Bongino called it Shmegasus. Welcome to 1984!

lurker November 28, 2022 7:38 PM

We used to say Physical Possession = Game Over, so what’s new in this story? Did somebody come up with a way to secretly log data exfiltration when the machine is booted from an external drive? Brute-forcing bios passwords is a given: all service techs must be assumed to be Evil Maids, until you can prove otherwise.

Weather November 28, 2022 9:52 PM

@all
No offense, but what a employer I worked for, and O not doing anything special, I was working at another company, 2 years down when someone called, a brown said they logged in remote desktop and shut down the server, to get a call up, stop fishing, it was south Korea couira.
Lay off.

John Tillotson November 29, 2022 12:26 PM

As a Canadian, I found the comment about “There would probably be more snooping by American…” to be embarrassing.

Innuendo that somehow “Americans” are less trustworthy than “Canadians” is not relevant to the discussion and the value of the work being discussed. It’s not valid scientific information, but it is discriminatory and rude.

Another Floridian November 29, 2022 12:27 PM

Reminded me of a problem I had with a YouBreakIFix location that was expected to change the battery of my Macbook Pro. After paying for that, the issue persisted so I took the laptop to a local Apple shop. The Apple shop told me that the battery looks very old and may never have been changed. So I paid them as well. At least it has worked fine since then.

Moral of the story: open the device yourself and take a photo of the battery. If it looks the same after a shop claims to have replaced it, you know that they did not.

Frank French November 30, 2022 7:11 AM

I’d be interested to re-run the study grouping the IT-fixit stores according to their (published or not) gender breakdown. But that would be more sociology than security.

And it wouldn’t really cast any new light on behavior standards in all-male workplaces.

Wintermute November 30, 2022 9:54 AM

tl;dr version of what follows… Some technicians are incompetent and would miss the driver issue. And do your job and don’t snoop.

I started my IT career in the 90s as a repair technician, and I am appalled at these results. Snooping through someone’s files was just unthinkable for me back then. I’d probably run a malware scan as a matter of course regardless of the issue that the system came in for, because it took all of 5 minutes of actual interaction on my part and potentially prevented a repeat trip to my shop, and an unhappy customer, if something like that was missed.

And having a dozen technicians miss a disabled audio driver does not surprise me. Sometime around 2000 or so, I was sub-contracted by my former employer to do an on-site warranty repair for someone’s name-brand PC. The manufacturer (who I cannot remember… Dell, HP, Gateway… One of those, I’m sure) had sent a stack of parts, including RAM, video card, and more, and I was told I was the fifth technician sent on-site. I’m not sure I was told anything other than “it doesn’t work properly,” given the parts and a return label for anything I didn’t use or was replaced. The actual issue? Video drivers needed installed because Win9x was stuck in 640x480x16 mode. Four technicians missed it before me. Four A+ certified technicians, because that was a requirement for the contract from the manufacturer.

Also, not snooping means you know nothing if you are ever compelled to testify in a case involving inappropriate contact with a minor. The most that might be asked is if you saw anything on their PC (no) and if the request to format and re-install Windows was an unusual request (also no), and maybe the demeanor of the customer when they made the request and when they picked the PC back up.

Quantry December 1, 2022 12:40 PM

Notice that this report did NOT say that

“ALL Computer Repair Technicians Are Stealing Your Data, and ALL media reports about studies at universities are fairly summarized in the title line.”

RELIABLY, the MORAL ETHIC of a few people is “SOMETIMES” bad in EVERY occupation, at ALL levels. Endless examples.

MOST of us will cave-in for a “gift” of three times our annual income,

…OR after even minor “mesmerizing suggestions” from [enforcement] thugs, it seems.

c1ue December 4, 2022 10:47 AM

In the interest of steel-manning: could it be that one or more of the stores is executing a backup copy of storage as a standard practice, to ensure no loss of data regardless of what work is done?
I would be a lot more confident on the study results if the researchers were digital forensics professionals as opposed to academics.
The details of what constitutes “access” are also highly open to mis-interpretation, especially by people who don’t do it for a living. Merely booting a machine, much less verifying that it works by running a program will both cause metadata changes.
The personal info is also rather generic. Was it viewing of photos? Was it email? Again, the details do matter.

Anonymous December 15, 2022 4:52 PM

  1. I think it would be interesting if some of the laptops seemed to be owned by celebrities: look at the fiasco surrounding Hunter Biden’s laptop.
  2. This is a tangent, but audio was mentioned in the article. Back around 1979-1982, my Wards 19-inch color TV set developed a fault: the sound stopped working. The picture was fine. The documents included in the purchase had a full-schematic. In those days, I was an electronics tech, but I didn’t specialize in TV-sets. Still, I traced the problem to a house-marked chip that had multiple functions in it, including audio IF, audio detector, and audio amplifier. It was past the 90-days parts-and-labor warranty but was still covered under the 1-year parts warranty. Since I couldn’t order that house-marked chip, as I recall a 14-pin dip that was soldered to the PC board, I took it in to the local TV repair shop. I told them the sound didn’t work. I get a call 2 weeks later to pick it up. The receipt said: TV was turned-on and played for 2 weeks with no problem found, no charge. I get it home, turn it on, and still no sound. The dimwits had apparently not bothered to check the sound on it, when the problem was the sound. I took it back the same day, and complained, and they gave it an initial test while I waited and confirmed no sound. But I had to wait for 6 weeks of repairs on the schedule ahead of me. THEN they called and said there would be a delay as they had to order their own proprietary chip. Which was the same one I suspected to be the cause. The labor charge was high, but I got the chip for free.
