When you need to drop off your tech devices for a repair, how confident are you that they won’t be snooped on?
CBC’s Marketplace took smartphones and laptops to repair stores across Ontario — including large chains Best Buy and Mobile Klinik — and found that in more than half of the documented cases, technicians accessed intimate photos and private information not relevant to the repair.
Marketplace dropped off devices at 20 stores, ranging from small independent shops to medium-sized chains to larger national chains, after installing monitoring software on the devices. In total, 16 stores were recorded. (At four stores, the tracking software didn’t log anything, or the stores didn’t appear to turn the devices on.)
Technicians at nine stores accessed private data, including one technician who not only viewed photos but copied them onto a USB key.
You must log in or register to comment.
Unsurprising. Most repair shops will ask for your PW to “test that the device works”. If it is for a battery change, or screen fix or whatnot, refuse to give it! It is not required. They can confirm the fix just by accessing the lock screen itself.
deleted by creator
Samsung phones have this but apparently the Samsung diagnostic tool doesn’t work in the repair mode. Dumbest thing I’ve ever heard.
I just use a secondary app to lock down all apps when it needs serviced then.
deleted by creator
Yeah it’s great. When anything goes wrong, you can just throw it in the trash and get a new one.
Like when I accidentally broke the glass on my camera bump and I was able to buy the replacement and fix it myself for under $20, right?
That has to do with the manufacturer, not that it’s android.
deleted by creator
And you believe that’s because it’s an android? So anybody who buys an android phone can expect that nothing will ever go wrong with the hardware?
Edit: To any morons downvoting, that’s literally what the person said. Here, I’ll quote them: “Nice thing about having an Android is I’ve never needed service”
Literally saying that the reason they never needed service is that it’s an android. There is no other way to interpret the statement.
deleted by creator
Shitty people will do shitty things. That said, if you don’t give your password, be prepared to have the technician test all sorts of stuff in front of you. The selfie camera, ear speaker, microphone, etc. sometimes are mounted on the screen. If there are problems, the tech will need to redo the repair. Not advocating for giving your pw, but be prepared for the process to be less convenient.
Edit: My bad, should have clarified I’m talking about phones exclusively. If you’re worried about your computer, create a non-admin user and give them that password. If they had the skills to bypass that, they wouldn’t be working at a repair shop.
If they had the skills to bypass that, they wouldn’t be working at a repair shop.
What are you talking about? I worked at a geek squad back in college days and no one there needed your admin password to get into your computer. We’d just remove the password. The only reason we asked for your password was so you’d get your computer back with the password still on it, lol…
I’m more shocked that none of the techs found the monitoring software and assumed it was something malicious and disabled or removed it…
Bitlocker? FileVault? If you’re cracking those, why the fuck are you working at a Best Buy?
Bitlocker or Filevault for the pin/password to get onto your computer? I don’t think that’ll be a common scenario. I also imagine they bypass the whole password thing, rather than cracking the actual password.
Yup. A majority of the time people didn’t have any of that setup anyway. But also most of windows security is centered around external attacks over a network, not someone actually having your computer so there are lots of ways to just remove the password if you can plug in a flash drive or insert a CD.
If someone actually security conscious brought in a computer truly locked down, we would have had a tough time of it, but people that know how to do that aren’t bringing their computer to geek squad to be fixed, so it’s a catch 22.
Yeah I had a buddy who bought a PC that had a BIOS password on it(which now I realize was probably stolen… but it was like a big box store 2010 desktop which is weird to steal) I was surprised with how easy it was to bypass that, and gain access with a flash drive and 3 minutes of googling
Why? Couldn’t he just use a live distro?
If someone has physical access to your device, they also have the ability to access your files without your password. Unless you are using sophisticated full disk encryption, but that makes it more time consuming to gain access.
I wish Android still had full-disk encryption. It was dropped in Android 10 for file-based encryption, but as far as I know the keys are just somewhere on the device. But I am not sure about that. Like 10%.
They’ll be in a hardware security module, just like the computer should be storing encryption keys with the tpm. Tbh I don’t know what’s actively implemented but definitely on the devices I manage in MDM they’re non-compliant without that. I’m sure you probably can get cheap devices without though. Just like you can get home level laptops without tpm.
What it was really dropped? 😱
Most devices nowadays do. Phones definitely. I think Windows by default now. Macs definitely for a while now.
A lot of times, the camera/earpiece speaker/microphone cables are really fragile and tolerances are tight. The phone isn’t designed to be opened. You should, therefore, make sure they work after the repair by making a test call.
You almost always need to the password to test a phone thoroughly. You can see that the screen works on the lock screen, but what about the front facing camera, and secondary microphone that are attached to the screen and need to be transferred, or replaced if you do it like Apple. On newer iPhones the slightest defect can cause face id to not work. On laptops it depends. Sometimes live USBs don’t have the right drivers to test all the hardware. When you assume things are simple you’re usually wrong.
Weird that you’d mention the cameras, one of the only things you can access from the lock screen.
For everything but data recovery you can get by fine without a password. You aren’t gonna have a hardware issue that makes Facebook slightly slower, your device won’t turn on.
Incorrect. On most devices after the power is cycled you can’t use the camera on the lockscreen. You have to enter the password once before that feature is enabled. And if you’re doing a screen replacement you need to power it off or you risk frying the backlight. How many cellphones have you repaired? 1? Hundreds? Thousands? It was my job for years, and my point is just don’t assume things are simple.
deleted by creator
This is why we need a guarantee that tech workers are asexual before dropping off our devices for repair
And perhaps some kind of alarm to alert when a sexual person is in the repair area.
(Debatably) hot, single, tech support near you!
Two out of three’s not bad.
You could always have a lie detector added into the process to ensure they didn’t look. Though for some reason I think that may be a better fit for someone like a mechanic over tech repair.
I have never - ever - dropped a device off anywhere.
I have spent hours and hours learning new skills, trouble shooting, and engaging in forums with people who know better than me.
But just drop it off? Never.
Wait wait.
I dropped off my ps2 to get modded.
Haha holy shit, the Canada Computers statement that photos weren’t accessed inappropriately & that the employee in question was disciplined, shortly followed by a picture of the technician outright copying only these files to the USB drive. These people are scum
This is why I won’t repair any device I can’t fix myself (which unfortunately is most of them, I’m not very tech literate).
if you are technical enough to replace a hard drive then when you buy a computer also buy an extra drive. day1 build your machine or recover to the new drive. keep original drive in case of repair need. it also helps to troubleshoot if your problem is hardware or software.
Lol, I barely understand the words you just said.
He’s saying that if you can change a hard drive, then you can always just keep a spare one (with a clean OS install) on hand to use whenever you take it in for repairs.
Changing a hard drive is basically knowing where the hard drive is, how to access it, and then unplugging and replugging some cables. Fairly easy, and most newer cases have been designed to make it easy to reach the storage bays.
Not sure why you think explaining the same thing in basically the same way would change anything. I am not tech literate, I wouldn’t even know how to open the computer to access these locations. Stop trying to teach me, you’re wasting your time.
Sorry, that’s my bad. When I see something that looks like a request for information, I try my best to answer it. Even if you personally don’t find it useful, someone else in a similar position but different perspective on learning might be interested. Sorry, hope you have a good day!
I never requested information, I simply made a couple statements about my lack of tech literacy. If I wanted to learn, I would have done so years ago.
This is why commenting on lemmy sucks.
Removed by mod
deleted by creator
It’s like this in the states, too. Had the same scenario with a battery replacement. “You don’t need the password to make sure the battery works.” “But we need to unlock the device to run diagnostics.” “I’ll unlock it for you and we’ll run them together” “No” “oh okay… The password is 0000, call me if it doesn’t work and I’ll unlock it for you and we’ll run diagnostics together!”
This shit has been happening since I was still in high school, 20 years ago. Fuck these places.
I’ve been in tech since 2007 and people are stupid and sometimes they leave “private” photos on the damn desktop. No offense to end users but don’t leave your pornos out in the open…buy two USB drives and back it up to both and store in a closet or something. The end user is also at fault here imo. Many times IT people aren’t looking for shit but people are stupid enough to leave it right in the open.
People are allowed to leave shit on their private computer out in the open and IT bros have 100% of the moral responsibility to not look at it.
It’s unrealistic and more importantly unjust to blame the victim here.
Why are you clicking and opening people’s image or video files even if they’re right on their desktop? I doubt that’s part of the repair troubleshooting you are supposed to be doing. You shouldn’t be clicking on their images or videos even if they are easily accessible.
This being so common is creepy, but I feel like I just read/heard about a case where some pedo was recently arrested because a tech found CSAM on his phone during a repair and reported him. I really value privacy, but in that one case I’m glad the tech got nosey. I’m a bit intoxicated right now and cannot remember where I heard about this, but probably some true crime podcast or YouTube channel. I’ll update with a source if I remember.
EDIT here’s one, but there are dozens of cases like this if you search https://kmph.com/news/local/tech-repair-shop-helps-arrest-customer-possessing-child-pornography-in-fresno
The thing is, it’s really hard to be consistent on beliefs, especially in cases like this where it might sound unfavorable.
If you say you’re against surveillance and spying on devices, people will generally agree that’s a good thing. But this is an example of privacy invasion, and is justified because they caught CSAM, so it must be good, right?
Well in the big picture of things, this would be setting a precedent. Where they can justify these things because they can find and stop these things. This tends to lead to the “think of the children!” fallacy. Legislators are actively using this argument to push anti-privacy measures like breaking encryption so they can stop this. So it unfortunately means, respect privacy, or allow these things to go unchecked.
Freedom comes at a price, and you gotta stay consistent even if it lets bad guys get away with things. You can justify a lot of fascism in the name of stopping the bad guys, since obviously it’s not a good look to defend those actions.
Ehh. Your way sets really bad precedent that deprives all of us of freedoms in much more horrific ways than some retard getting caught with CSAM he should not have been having in the first place.
Freedom means more than that and to argue otherwise is to argue innocent people need to be sacrificed on your political altar to make you feel like you can be safe hiding shit. You never can no matter how free your country is.
What do you mean deprives us of freedoms?
Everyone has a right to lock their bathroom door. Crime might be comitted behind the bathroom door, but usually there will be other evidence of that without looking in the bathroom, so there is no need for the government to legislate that all bathrooms should remove their locks.
No one ever questions the right of locking your bathroom door.
Because the ones who violate our rights the most aren’t tyrannical governments but the people around us. The people who rape us, murder us, commit genocide against us, who commit the most unspeakable of depraved acts with the banality of a zombie in a fucking zombie movie.
And you think that’s okay in the name of stopping a government from turning tyrannical when you knew it was always going to be like that anyway because all governments are inherently authoritarian in nature.
Well yes, because it’s not up to the government to take care of or protect your kids. And it’s your job to make sure they can protect themselves online. That’s just common sense.
Additionally, the government is still effective at catching bad guys without backdoors to encryption, and this stuff doesn’t stop you from monitoring your kids devices.
Yes in the US, Texas for example has used publicly available information to jail moms who travel for abortions.
If the government were to trample on the freedom of privacy, it would affect the right to protest, it would affect freedom of assembly, it would affect freedom of opinion.
China literally monitors most of their citizens communications this way.
We do NOT want governments to invade privacy for the sake of security.
Because, if the government can see what you do, then criminal actors can also see what you do too.
So TIL it’s on me to hunt down predators who abduct my kids and use them to make CSAM or sell them into sex slavery. That actually is pretty close to the truth in today’s tyrannical world.
Governments are always going to surveil their populations en masse and abuse them in the ways you described and more regardless of what their constitution and code of law says, so it’s silly to waste your time with a slippery slope argument when we’re already at the bottom of the valley, always have been and always will be. So are criminal actors.
So we need something for us because rights simply won’t cut it and the Great Experiment obviously failed. That’s not gonna change just because you don’t like it.
Well it’s understandable that you think the predators are random men in white vans texting your kids, grooming, and abducting them, but in actuality, a ton of the major produces of CSAM are parents or family members.
This doesn’t account for a smaller, but significant percentage of self-producers that post online because they’re following online sexual trends, innocently self-expressing, or self-exploiting.
Having the goverment ban encryption will only undermine the privacy and security of law abiding citizens, and jeopardize national security. Parents don’t have to send messages to their kids really.
The police won’t protect your child from your spouse.
Banning encryption won’t do anything to curb this concern of yours, its like banning car locks because people could hide heroin in cars.
I can empathize with your stance, but I have to tell you, that the “protect children” argument has been used to justify genocide, racial segregation, and so many other violations of civil rights within the last 100 years.
What
Read what I said again, slowly this time
Not sure if you read what you wrote, but it’s nonsense
It’s one thing to merely stumble across someone’s private content on a PC while working on it, and quite another to actively seek it out and make a copy like the guys in the article were caught doing.
Thank you! I worked at Staples as an Easy Tech (2006) and we were required to search desktops for pedophile materials so we could report them to authorities when found. I never found any myself but that was policy back then.
