A new study by a professor at the University of Guelph (Ontario, Canada) indicates that taking your computer to a repair facility may expose your personal information on the system.
The study was conducted by Dr. Hassan Khan of the College of Engineering and Physical Sciences and involved 18 service providers ranging from national electronics chains to small local stores. Computers were rigged with disabled audio drivers, a quick and simple fix that does not require extensive examination of the computer. The devices were also rigged with log files tracking what the repair technicians did with the computer.
Although the study is small, the findings are worrisome.
Key highlights include:
- None of the service providers have procedures in place to guarantee the confidentiality of information on the computer brought in for service.
- In half of the cases, technicians looked at files that had no relation to the repair.
- In several cases, technicians copied files from the computer being repaired to another device.
- In one case the copied files included saved passwords for applications and websites.
- Privacy was more likely to be violated if the person bringing the machine for repair was female.
On that last point: gee, I wonder why, don’t you?
The recommendations from this study are:
- If the device is being handed over to a third party, all sensitive content should be encrypted or transferred to another device before the machine is given for repair.
- Many repairs can be handled through screen sharing without actually giving possession of the device to someone else. Screen sharing allows you to watch what the technician is doing.
The study makes a strong case for buying an external hard drive, which is in fact what I use to protect client information. The hard drive is simply detached when not in use, making it virtually bulletproof against hackers or errant technicians.
Very informative – thank you!