As reported by Ars Technica, a new study by Researchers at the University of Guelph in Ontario, Canada, looked at the logs from laptops that had received overnight repairs from 12 shops (national, regional, and local) in the greater Ontario region between October and December 2021. Disturbingly, not only had technicians from six of the locations accessed personal data, but two of them had also copied data onto a personal device. The report found that workers were more likely to access personal data if the item being repaired belonged to a female customer, and they tended to seek more sensitive data in these instances, including both sexually revealing and non-sexual pictures, documents, and financial information.

The actual figures could have been even higher as the researchers visited 16 shops, but two of the laptops’ logs were unrecoverable, and two outlets performed repairs on the spot rather than keeping the devices overnight. In three instances, the technicians attempted to hide their snooping by deleting Windows Quick Access or Recently Accessed Files. In the case of the unrecoverable logs, one worker said they had installed antivirus software and performed a disk cleanup to “remove multiple viruses on the device,” while the other gave no explanation. The only issue with all the laptops was that the audio driver had been disabled, a simple-to-repair problem that certainly doesn’t require access to personal files. Half the machines were made to appear as if they came from male owners and half from female users. The researchers added documents, both sexually revealing and non-sexual pictures, and a cryptocurrency wallet with credentials, as well as custom logging software. Another worrying part of the study involved taking a laptop into a shop for a battery replacement, a simple procedure that doesn’t require access to the OS. When asked if the work could be carried out without giving a password, three refused to carry out the procedure if the customer didn’t hand it over, four agreed but warned that they wouldn’t be able to verify their work or be responsible for it, one asked for the password to be removed, and one said they would reset the device if it was required. The report is a concerning one for anyone thinking about taking a device for repairs: almost all locations asked for passwords when they’re weren’t required, half the shops snooped on personal data, several attempted to hide/remove evidence of snooping, etc. But then, this sort of thing isn’t new. In June last year, Apple paid an Oregon woman millions after two employees at Pegatron, one of Apple’s major repair contractors, posted explicit images and videos of her to social media using an iPhone she sent in for repair. It’s these sort of incidents that led to Samsung rolling out Maintenance Mode for its Galaxy devices, which can block access to sensitive information including photos, contacts or messages. Masthead: Difught