What About Confidentiality of Data in Repair Centers?

Warranty

Bad day today… My iPhone died! Yesterday it was 100% functional and today refused to boot or charge!? No reaction event after a hard-reset and a few hours of charging… This irritates me at the highest level. Well!

No alternative, I went to my local dealer and explained the problem. Of course, they can’t do anything and my phone has to be sent to the repair center “for further analysis”.

After performing the required administrative tasks, I started the following conversation with the vendor:

Me: “And by the way, what about the confidentiality of my personal data?
Vendor: “I hope you have a backup, your phone will be returned erased!
Me: “Don’t care about my backup, but what about the data stored on the phone now?
Vendor: “Of course, it’s always best to clean up the phone before returning it to the repair center
Me: “I agree… But it does not boot anymore! I can’t cleanup it by myself!
Vendor: “Ah! Indeed…

Silence…

Vendor: “But normally, the engineer don’t read your data! Don’t be afraid! They cannot do this…

New silence…

Vendor (smiling): “And if the phone is dead, your data won’t be accessible anymore!

This conversation left me a strange feeling, almost as if my privacy could be violated!

Dear Mr Vendor, first, if the phone does not boot, it does not mean that the data won’t be readable anymore! And even digital supports affected by an hardware failure can still reveal interesting information. Second, you have to know that the weakest link in a security policy or company policy will always be the human. In our mind, “prohibited” == “tempting”. That’s the human behavior!

Today’s mobile devices are not used only to give and receive calls. They are part of your life and contains more and more sensitive data (SMS, e-mails, pictures, documents, videos, notes, …). And often, security of the same devices is kept at a very low level!

Do you remember this story?

2 comments

  1. Hi Jorge, to avoid the “all data are belong to us” problem, the only way is to encrypt all your data. If it can be easily achieved on a laptop (using TrueCrypt as example), things are more difficult on “closed” devices like the iPhone.

    It has already been demonstrated that the encryption algorithm used on the iPhone is weak and can be quickly cracked! And how to be sure that ALL the data is properly protected?

    Always clean your devices before sending them back to a repair center or sell them on eBay. There are so much bad stories of disks sold with confidential data! Worst case was mine: as my iPhone did not boot anymore, how to access/remove the data?

    PS: Yep, I disabled the registration for comments and added some tips (math) to avoid spammers. Thanks for reading me!

  2. Hi,

    Interesting point that you bring in…but I don’t see any easy solution for it. You’ll never have the assurance that NO ONE looked at your data when you send it for repair. Do you have any suggestions?

    All the best,
    Jorge

    p.d. I’m glad you removed authenticaton for posting messages ( I just realized this!)

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.