A recent Malwarebytes blog post queries just how safe your personal data is when you leave your computer in the hands of a repair shop. To be honest, it’s not something I’ve ever considered because I’ve always performed my own repairs, but it does bring up an interesting question.
A recent study by researchers at the University of Guelph in North America has uncovered a number of rather disturbing findings. In summary, the study confirmed that “electronics repair services lack effective privacy protocols and that technicians often snoop on customers’ data” ~ (source).
- Repair personnel was asked to perform a battery replacement for Asus UX330U laptops running Microsoft Windows 10 – a fix that should not require login credentials or operating system access. Yet, all but one of the firms asked for login credentials
- Only three national and three regional repair services provided any sort of terms and conditions for the customer to sign and, worse still, all these consisted of was a disclaimer denying liability for any data loss
Repair Services Snooping?
Taking the study a step further, researchers then provided the repair shops with rigged Windows laptops specifically loaded with dummy data to secretly log how repair staff treated their customers’ data. Once again, the findings were far from encouraging:
- Six of sixteen technicians snooped on customers’ data, and two of sixteen copied customers’ data to external devices. One technician did so in a way to avoid generating evidence, while three others took steps to conceal their activities
- The most prominent snooping by repair technicians was hunting through the customer’s photos, searching through the customer’s browsing history, and, in one case, going through financial data
- When queried on the safety of customers’ data, none of the businesses had any plan or protocol in place to prevent this type of snooping from happening and all responses came down to variations of “Trust me, we won’t do it”.
These are some alarming findings, and it’s patently obvious that legislation is required to enforce privacy protocols on these businesses in order to protect customers’ data.
- Read the Malwarebytes blog post in full: Repair firms might be rifling through your personal data
- Read The Register’s article covering the study: Commercial repair shops caught snooping on customer data
Steps You Can Take To Protect Your Data
If you do need to take your PC to a repair shop and are concerned about the privacy of your personal data at all, these are a few steps you can take beforehand to mitigate the risks:
- Copy all personal data over to an external device, then delete that data from the PC and clean out the system with something like PrivaZer, which is not only an effective cleanup tool but also a top-notch privacy tool
- Alternatively, encrypt or password-protect your data. If using password protection, make sure that the password is not recorded anywhere in the system
- Sign out of any accounts, apps, and anything requiring a log-in
Do you trust the repair service you use? Or maybe the findings of this study will have you second-guessing? Let us know in the comments.