When you need to drop off your tech devices for a repair, how confident are you that they won’t be snooped on?
CBC’s Marketplace took smartphones and laptops to repair stores across Ontario — including large chains Best Buy and Mobile Klinik — and found that in more than half of the documented cases, technicians accessed intimate photos and private information not relevant to the repair.
Marketplace dropped off devices at 20 stores, ranging from small independent shops to medium-sized chains to larger national chains, after installing monitoring software on the devices. In total, 16 stores were recorded. (At four stores, the tracking software didn’t log anything, or the stores didn’t appear to turn the devices on.)
Technicians at nine stores accessed private data, including one technician who not only viewed photos but copied them onto a USB key.
I wish Android still had full-disk encryption. It was dropped in Android 10 for file-based encryption, but as far as I know the keys are just somewhere on the device. But I am not sure about that. Like 10%.
They’ll be in a hardware security module, just like the computer should be storing encryption keys with the tpm. Tbh I don’t know what’s actively implemented but definitely on the devices I manage in MDM they’re non-compliant without that. I’m sure you probably can get cheap devices without though. Just like you can get home level laptops without tpm.
What it was really dropped? 😱