365
submitted 1 year ago by girlfreddy@lemmy.world to c/news@lemmy.world

When you need to drop off your tech devices for a repair, how confident are you that they won't be snooped on?

CBC's Marketplace took smartphones and laptops to repair stores across Ontario — including large chains Best Buy and Mobile Klinik — and found that in more than half of the documented cases, technicians accessed intimate photos and private information not relevant to the repair.

Marketplace dropped off devices at 20 stores, ranging from small independent shops to medium-sized chains to larger national chains, after installing monitoring software on the devices. In total, 16 stores were recorded. (At four stores, the tracking software didn't log anything, or the stores didn't appear to turn the devices on.)

Technicians at nine stores accessed private data, including one technician who not only viewed photos but copied them onto a USB key.

top 50 comments
sorted by: hot top controversial new old
[-] AllHailTheSheep@sh.itjust.works 106 points 1 year ago

as a technician myself, I hate this. I truly don't understand why any tech would ever do any snooping. I fix dozens of devices a day, I need the password so I can test the new part and make sure everything is working as it should be after the repair. I'm far to busy and apathetic to give a shit what people have on their devices.

side note, for those of y'all with Samsung phones, there's a maintenance mode that will allow the tech to test everything after the repair but not access any data on your device.

[-] GreenIcePear@lemm.ee 27 points 1 year ago

How would I go about putting my device in maintenance mode? Iirc that was only available for repairs at Samsung Authorized stores?

[-] radiumv@lemmy.world 35 points 1 year ago

Settings -> Battery & Device Care -> Maintenance Mode

[-] jimbo@lemmy.world 12 points 1 year ago

I truly don’t understand why any tech would ever do any snooping.

You don't understand that some people are just dirt bags?

[-] beaubbe@lemmy.world 55 points 1 year ago

Unsurprising. Most repair shops will ask for your PW to "test that the device works". If it is for a battery change, or screen fix or whatnot, refuse to give it! It is not required. They can confirm the fix just by accessing the lock screen itself.

[-] ttr@lemmy.zip 22 points 1 year ago* (last edited 1 year ago)

Shitty people will do shitty things. That said, if you don't give your password, be prepared to have the technician test all sorts of stuff in front of you. The selfie camera, ear speaker, microphone, etc. sometimes are mounted on the screen. If there are problems, the tech will need to redo the repair. Not advocating for giving your pw, but be prepared for the process to be less convenient.

Edit: My bad, should have clarified I'm talking about phones exclusively. If you're worried about your computer, create a non-admin user and give them that password. If they had the skills to bypass that, they wouldn't be working at a repair shop.

[-] Crozekiel@lemmy.zip 7 points 1 year ago

If they had the skills to bypass that, they wouldn't be working at a repair shop.

What are you talking about? I worked at a geek squad back in college days and no one there needed your admin password to get into your computer. We'd just remove the password. The only reason we asked for your password was so you'd get your computer back with the password still on it, lol...

I'm more shocked that none of the techs found the monitoring software and assumed it was something malicious and disabled or removed it...

load more comments (4 replies)
load more comments (6 replies)
[-] CubitOom@infosec.pub 9 points 1 year ago

If someone has physical access to your device, they also have the ability to access your files without your password. Unless you are using sophisticated full disk encryption, but that makes it more time consuming to gain access.

[-] user224@lemmy.sdf.org 6 points 1 year ago

I wish Android still had full-disk encryption. It was dropped in Android 10 for file-based encryption, but as far as I know the keys are just somewhere on the device. But I am not sure about that. Like 10%.

[-] Snowplow8861@lemmus.org 6 points 1 year ago

They'll be in a hardware security module, just like the computer should be storing encryption keys with the tpm. Tbh I don't know what's actively implemented but definitely on the devices I manage in MDM they're non-compliant without that. I'm sure you probably can get cheap devices without though. Just like you can get home level laptops without tpm.

load more comments (1 replies)
[-] RunningOutOfViolence@lemmy.ca 5 points 1 year ago

You almost always need to the password to test a phone thoroughly. You can see that the screen works on the lock screen, but what about the front facing camera, and secondary microphone that are attached to the screen and need to be transferred, or replaced if you do it like Apple. On newer iPhones the slightest defect can cause face id to not work. On laptops it depends. Sometimes live USBs don't have the right drivers to test all the hardware. When you assume things are simple you're usually wrong.

[-] Traister101@lemmy.today 6 points 1 year ago

Weird that you'd mention the cameras, one of the only things you can access from the lock screen.

For everything but data recovery you can get by fine without a password. You aren't gonna have a hardware issue that makes Facebook slightly slower, your device won't turn on.

load more comments (2 replies)
[-] Surp@lemmy.world 15 points 1 year ago

I've been in tech since 2007 and people are stupid and sometimes they leave "private" photos on the damn desktop. No offense to end users but don't leave your pornos out in the open...buy two USB drives and back it up to both and store in a closet or something. The end user is also at fault here imo. Many times IT people aren't looking for shit but people are stupid enough to leave it right in the open.

[-] pinkdrunkenelephants@lemmy.cafe 19 points 1 year ago

People are allowed to leave shit on their private computer out in the open and IT bros have 100% of the moral responsibility to not look at it.

It's unrealistic and more importantly unjust to blame the victim here.

load more comments (1 replies)
[-] XbSuper@lemmy.world 14 points 1 year ago

This is why I won't repair any device I can't fix myself (which unfortunately is most of them, I'm not very tech literate).

[-] HubertManne@kbin.social 9 points 1 year ago

if you are technical enough to replace a hard drive then when you buy a computer also buy an extra drive. day1 build your machine or recover to the new drive. keep original drive in case of repair need. it also helps to troubleshoot if your problem is hardware or software.

[-] XbSuper@lemmy.world 8 points 1 year ago

Lol, I barely understand the words you just said.

[-] meant2live218@lemmy.world 10 points 1 year ago

He's saying that if you can change a hard drive, then you can always just keep a spare one (with a clean OS install) on hand to use whenever you take it in for repairs.

Changing a hard drive is basically knowing where the hard drive is, how to access it, and then unplugging and replugging some cables. Fairly easy, and most newer cases have been designed to make it easy to reach the storage bays.

load more comments (12 replies)
[-] Clipboards@lemmy.world 11 points 1 year ago

Haha holy shit, the Canada Computers statement that photos weren't accessed inappropriately & that the employee in question was disciplined, shortly followed by a picture of the technician outright copying only these files to the USB drive. These people are scum

[-] Kolanaki@yiffit.net 6 points 1 year ago

This shit has been happening since I was still in high school, 20 years ago. Fuck these places.

load more comments
view more: next ›
this post was submitted on 20 Oct 2023
365 points (100.0% liked)

News

23409 readers
2365 users here now

Welcome to the News community!

Rules:

1. Be civil


Attack the argument, not the person. No racism/sexism/bigotry. Good faith argumentation only. This includes accusing another user of being a bot or paid actor. Trolling is uncivil and is grounds for removal and/or a community ban. Do not respond to rule-breaking content; report it and move on.


2. All posts should contain a source (url) that is as reliable and unbiased as possible and must only contain one link.


Obvious right or left wing sources will be removed at the mods discretion. We have an actively updated blocklist, which you can see here: https://lemmy.world/post/2246130 if you feel like any website is missing, contact the mods. Supporting links can be added in comments or posted seperately but not to the post body.


3. No bots, spam or self-promotion.


Only approved bots, which follow the guidelines for bots set by the instance, are allowed.


4. Post titles should be the same as the article used as source.


Posts which titles don’t match the source won’t be removed, but the autoMod will notify you, and if your title misrepresents the original article, the post will be deleted. If the site changed their headline, the bot might still contact you, just ignore it, we won’t delete your post.


5. Only recent news is allowed.


Posts must be news from the most recent 30 days.


6. All posts must be news articles.


No opinion pieces, Listicles, editorials or celebrity gossip is allowed. All posts will be judged on a case-by-case basis.


7. No duplicate posts.


If a source you used was already posted by someone else, the autoMod will leave a message. Please remove your post if the autoMod is correct. If the post that matches your post is very old, we refer you to rule 5.


8. Misinformation is prohibited.


Misinformation / propaganda is strictly prohibited. Any comment or post containing or linking to misinformation will be removed. If you feel that your post has been removed in error, credible sources must be provided.


9. No link shorteners.


The auto mod will contact you if a link shortener is detected, please delete your post if they are right.


10. Don't copy entire article in your post body


For copyright reasons, you are not allowed to copy an entire article into your post body. This is an instance wide rule, that is strictly enforced in this community.

founded 1 year ago
MODERATORS