dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
1518

lugnut
@communications.com

lugnut

Anon

Software on rented PCs can spy on you

»www.canadianbusiness.com ··· y-on-you
quote:
Software on rented PCs can spy on you

Two summers ago, Crystal and Brian Byrd, a young couple from Caspar, Wyo., leased a Dell laptop from a local franchisee of Aaron’s, a national rent-to-own chain. The two made all their payments on time, according to court documents, and by October they had paid enough to own the computer outright. But somewhere along the line at least one of those payments got lost, and just a few days before Christmas 2010, a manager from the rent-to-own store showed up at the Byrds’ apartment looking to take the computer back.

The confrontation that followed lasted just a few minutes, but it was long enough to spark a class-action lawsuit, a criminal investigation spanning at least three states and a major regulatory crackdown in the U.S. Now, for the first time, Canadian officials have confirmed they too are investigating the issues at the heart of the dispute.

According to a lawsuit the Byrds later filed, the manager, Christopher Mendoza, first demanded the Byrds return the computer. He then produced a picture, taken with the laptop’s webcam, of Brian Byrd using the machine. When Byrd demanded to know where Mendoza got the photo, Mendoza refused to answer.

It turns out the picture was taken using a program called PC Rental Agent. Developed by a rent-to-own store owner in Pennsylvania, PC Rental Agent allows store owners to shut down machines that have been reported stolen or whose renters are behind on payments. The program also comes with a feature called Detective Mode. Designed to be used only on stolen machines, it allows the rental stores to capture keystrokes, track locations and snap webcam pictures, all without the users knowing.

Shortly after the Byrds went public with their story, the Federal Trade Commission (FTC) started looking into PC Rental Agent. This fall, the agency launched an official complaint against the company that manufactures it, DesignerWare. According to the complaint, PC Rental Agent had been used to repeatedly “reveal private, confidential, and personal details” of computer users, all without their knowledge. Using Detective Mode, rent-to-own stores had captured screenshots of medical records, social security numbers and bank and credit-card statements. It gets more tawdry. “In numerous instances,” the complaint says, “Detective Mode webcam activations have taken pictures of children, individuals not fully clothed, and couples engaged in sexual activities.” One former store employee who testified at the Byrds’ lawsuit said she’d seen a picture taken of a woman sitting at her computer, smoking from a bong.

...snip...

DesignerWare was dropped from the Byrds’ lawsuit after the company declared bankruptcy. But that doesn’t mean the privacy issues with its software have all been resolved. As part of its complaint, the FTC revealed that DesignerWare had sold PC Rental Agent to 1,600 rent-to-own stores and installed the software on some 420,000 computers, including some in Canada.

...snip...

Kelly says he doesn’t know how many Canadian stores licensed the software, nor would the FTC reveal what Canadian stores were involved. In time, however, the office of Canada’s Privacy Commissioner may provide some answers. Spokeswoman Isabelle Moses says the commissioner is aware of the recent FTC settlement and of the issue in general. “We are currently conducting an investigation, initiated by the Privacy Commissioner, related to the use of this type of software in Canada,” she says.


Once again the government goes after the low hanging fruit, criminalizing the software company that wrote the software while totally ignoring the major hardware manufacturers who for the sake of saving a nickel per machine on a physical off switch or a privacy shield for webcams leaves every user open to exactly the same kind of spying from Chinese and Russian spybots and trojans.

Sometimes you really have to worry about a centuries old legislature trying to legislate privacy issues in the internet age.

Anyway, think twice before the next time you pick your nose at your computer
Robrr
join:2008-04-19

Robrr

Member

said by lugnut :

Once again the government goes after the low hanging fruit, criminalizing the software company that wrote the software while totally ignoring the major hardware manufacturers who for the sake of saving a nickel per machine on a physical off switch or a privacy shield for webcams leaves every user open to exactly the same kind of spying from Chinese and Russian spybots and trojans.

Sometimes you really have to worry about a centuries old legislature trying to legislate privacy issues in the internet age.

Anyway, think twice before the next time you pick your nose at your computer

I don't believe it is the responsibility of the hardware manufacturer to "protect" the end user from this kind of crap. You can buy the same laptop at Futureshop as you can Aaron's or any other store.

This really comes down to places like Aaron's implementing this sort of software and the government should be going after the rent-to-own stores exactly the same way they are going after the software maker given it was the rent-to-own that implemented this software.

XoX
join:2003-08-19
Qc, Canada

1 edit

1 recommendation

XoX to lugnut

Member

to lugnut
geez why stop there... With your 31$%"/!$% logic we could sue any hardware company if the user after that use it incorrectly because they did not install a gadget to stop them...

For example : Some one use a knife to kill a person so let sue the knife maker because they did not put a lock to stop every psychopath out there from using it the wrong way.

btw : a lock like you are talking would not have stopped key loggers and the like.

lugnut
@communications.com

lugnut

Anon

But the story is not about keyloggers. It's about webcam enabled spyware. A REAL invasion of privacy.

And manufacturers SHOULD take some responsibility on what they sell to people as "harmless and useful."

Like I said, it takes less than a nickel's worth of plastic to put a sliding shutter over a webcam lens or insert a physical cam kill switch on a laptop or desktop webcam. The only reason consumers aren't screaming for this feature already is because there haven't been enough publicized incidents where people actually realize they are being spied upon.

According to Panda Labs, 35.51% of ALL computers in the world are infected with some form of malware.

»www.tech21century.com/ch ··· e-world/
quote:
China on top of contaminated countries
The average number of infected computers around the world amounts to 35.51%, almost three percentage points lower compared with 2011, according to figures obtained by the technology of Collective Intelligence of Panda Security. China is again leader in this ranking (54.25% of infected computers), followed by Taiwan and Turkey


I don't want to argue over the nitpicking details of whether or not that number is accurate, but at the very least, there are 100's of Millions of infected machines out there whose owners haven't even the first inkling of a clue that they are even infected.

Potentially every single last one of them is an invasion of personal privacy of not only your bank info and CC#, but also your own personal image as you wander around your own home in the altogether.

Basically we allow manufacturers to get away with lazy, sloppy, dangerous hardware and software designs, because we are a lazy and sloppy people as a whole.
GBerry
join:2011-06-12
Guelph, ON

GBerry to lugnut

Member

to lugnut
It may take less than a nickel's worth of plastic but it takes maybe a penny for a PostIt or some paper and tape. It takes even less to manually disable/disconnect your webcam and have anti-malware software installed.

lugnut
@communications.com

lugnut

Anon

On a laptop you CAN'T manually disconnect the webcam and mic.

Even on some desktops it's a major pain to reach around under a desk to the back of the box to disconnect a webcam.

And the last thing you want to do is get glue all over an optical lens. Especially if you DO have occasional use for the webcam.

And finally, virus scanners are FAR from perfect. They allow more crap thru than they protect against on Windows boxes.

J E F F4
Whatta Ya Think About Dat?
Premium Member
join:2004-04-01
Kitchener, ON

J E F F4 to lugnut

Premium Member

to lugnut
It's not up to the manufacturers to prevent improper use of computer...as mentioned, it also had a key logger and obviously it used the wireless adaptor to send off information (including screen shots that would be unrelated to the webcam). The main culprit is Aaron's for putting this software on the computer, and the software company for selling this software for this type of use.

Even if the manufacturer was to make a physical covering for the laptop's webcam, Aaron's still would have got info. So, maybe make the keyboard useless and the internet useless, then they'd be safe.

urbanriot
Premium Member
join:2004-10-18
Canada

urbanriot

Premium Member

I agree with you. The person responsible should be the person providing the system and if that person claims they can't scrutinize each system when they come back, they should take it to a place that can simply reimage it after every use.

Thane_Bitter
Inquire within
Premium Member
join:2005-01-20

Thane_Bitter to lugnut

Premium Member

to lugnut
No need to think twice about rent-to-own places, they are the most expense way to buy anything. The fact that they have added illegal wiretapping, surveillance, blackmail and coercion to their trade is disturbing, however these crimes do dovetail so nicely with loan sharking anyways, it seems a logical fit.

Even if the device had an off button it would almost certainly be a soft-off device (a physical input tied to the input like of some processing system) which could be changed via software (and therefore remotely) anyways.

pnjunction
Teksavvy Extreme
Premium Member
join:2008-01-24
Toronto, ON

pnjunction to lugnut

Premium Member

to lugnut
said by lugnut :

But the story is not about keyloggers. It's about webcam enabled spyware. A REAL invasion of privacy.

What...as embarrassing as it would be I'd rather someone have pictures of me picking my nose or whatever than have keylogged the logins to my bank and investment accounts.

The first would be embarrassing, the second could clean out all of my accounts.

lugnut
@communications.com

lugnut

Anon

said by pnjunction:

said by lugnut :

But the story is not about keyloggers. It's about webcam enabled spyware. A REAL invasion of privacy.

What...as embarrassing as it would be I'd rather someone have pictures of me picking my nose or whatever than have keylogged the logins to my bank and investment accounts.

The first would be embarrassing, the second could clean out all of my accounts.

Well considering that I've NEVER been stupid enough to do either my banking or my investing on my computer, PRIVACY IS my only real concern here.

urbanriot
Premium Member
join:2004-10-18
Canada

urbanriot

Premium Member

... if you think banking on a PC is stupid, how do you do your banking?

lugnut
@communications.com

lugnut

Anon

said by urbanriot:

... if you think banking on a PC is stupid, how do you do your banking?

Phone and fax telebanking secure landline only. No cordless...

Wolfie00
My dog is an elitist
Premium Member
join:2005-03-12

Wolfie00 to lugnut

Premium Member

to lugnut
said by lugnut :

Well considering that I've NEVER been stupid enough to do either my banking or my investing on my computer, ...

LOL!

Know what the biggest security risk is in today's world? Not understanding technology. I present the above-quoted statement as "Exhibit A" of a prime example.

TLS2000
Premium Member
join:2004-02-24
Elmsdale, NS
Ubiquiti UDM-Pro
Ubiquiti U6-LR
Ubiquiti UniFi UAP-nanoHD

TLS2000 to lugnut

Premium Member

to lugnut
said by lugnut :

said by urbanriot:

... if you think banking on a PC is stupid, how do you do your banking?

Phone and fax telebanking secure landline only. No cordless...

Secure landline? Are you joking?
Expand your moderator at work

lugnut
@communications.com

lugnut to TLS2000

Anon

to TLS2000

Re: Software on rented PCs can spy on you

said by TLS2000:

said by lugnut :

said by urbanriot:

... if you think banking on a PC is stupid, how do you do your banking?

Phone and fax telebanking secure landline only. No cordless...

Secure landline? Are you joking?

At least two or three orders of magnitude more secure than your packets bouncing from router to router, from botnet to botnet.
lugnut

lugnut to TLS2000

Anon

to TLS2000
BTW comedians, it takes considerably less effort to plant a web bug in an advertisement that exploits an unpatched, undocumented, windows vulnerability than it does to tap a home phone line for the sake of stealing personal info.

So Bite Me!

Black Box
join:2002-12-21

Black Box

Member


Coming!
With great pleasure!

LazMan
Premium Member
join:2003-03-26
Beverly Hills, CA

LazMan to lugnut

Premium Member

to lugnut
said by lugnut :

BTW comedians, it takes considerably less effort to plant a web bug in an advertisement that exploits an unpatched, undocumented, windows vulnerability than it does to tap a home phone line for the sake of stealing personal info.

So Bite Me!

So, keep your AV and anti-malware up to date, apply patches as they are released, and set your firewall to the most restrictive settings that still allow normal use? Online computing 101.

As for the webcam 'concern' you've got - it's entirely possible to order a laptop without a built in one, and add an external USB one when you want to use it; and then remove it again after...

I do find it a little strange, that of all the angles and positions to take on this story, the lack of a physical off switch or cover over the built in webcam making if the hardware manufacturer's fault - NEVER would have occured to me...

cpsycho
join:2008-06-03
Treadeu Land

cpsycho to lugnut

Member

to lugnut
You have made me laugh so hard today it's not funny. It's easier to go through your garbage and find out your details. Secure landline, that's a joke.

pnjunction
Teksavvy Extreme
Premium Member
join:2008-01-24
Toronto, ON

pnjunction to lugnut

Premium Member

to lugnut
said by lugnut :

At least two or three orders of magnitude more secure than your packets bouncing from router to router, from botnet to botnet.

Those packets are all encrypted. You do know that all someone needs to do is connect a phone to your line and they can hear everything loud and clear right?

I also laugh when you mention no cordless. The scrambled digital signal of a modern cordless phone would be much harder to crack than to just splice your 'secure' phone line and listen.
Expand your moderator at work
peterboro (banned)
Avatars are for posers
join:2006-11-03
Peterborough, ON

peterboro (banned) to Wolfie00

Member

to Wolfie00

Re: Software on rented PCs can spy on you

said by Wolfie00:

Know what the biggest security risk is in today's world? Not understanding technology.

In that case I'm screwed.

On the other hand my family can't laugh at me anymore for putting electrical tape over any laptops lenses we get for all these years.

Wolfie00
My dog is an elitist
Premium Member
join:2005-03-12

Wolfie00

Premium Member

said by peterboro:

On the other hand my family can't laugh at me anymore for putting electrical tape over any laptops lenses we get for all these years.

And we thank you for it. What the world does not need is any risk of seeing peterboro See Profile with no pants.
peterboro (banned)
Avatars are for posers
join:2006-11-03
Peterborough, ON

peterboro (banned)

Member

Little chance of that as fortunately my head, including eyeballs, was installed at the opposite end of my body meaning my legs and gotchies would not be visible on a laptop cam.

That of course does not preclude the fact you may use a laptop in an unconventional means not replicated my myself.

pnjunction
Teksavvy Extreme
Premium Member
join:2008-01-24
Toronto, ON

pnjunction to peterboro

Premium Member

to peterboro
said by peterboro:

On the other hand my family can't laugh at me anymore for putting electrical tape over any laptops lenses we get for all these years.

While effective and foolproof there are ways to make sure it is disabled in software. For example if the driver is not installed, or the device is disabled in device manager.

Devanchya
Smile
Premium Member
join:2003-12-09
Ajax, ON

Devanchya to lugnut

Premium Member

to lugnut
lug, you are going a bit far not using Internet Banking.

Because you know what? That secure land line is going to someone in a bank who is filling in forms on a local network that is connected almost the SAME way as you are on your computer.

lugnut
@communications.com

lugnut

Anon

If the bank's network gets hacked THEY eat the loss.

If MY network gets hacked I'M left holding the bag.

And I openly laugh at the misplaced faith people put into software security measures and malware scanners which require hourly updates to even try and stay current.

TLS2000
Premium Member
join:2004-02-24
Elmsdale, NS
Ubiquiti UDM-Pro
Ubiquiti U6-LR
Ubiquiti UniFi UAP-nanoHD

TLS2000

Premium Member

I openly laugh at someone who thinks that it's more secure to use a telephone than a computer with encryption. You're not willing to trust your own ability to keep your computer secure, but you're willing to trust the phone company to make sure that an unencrypted phone line is secure from the point you initiate the phone call, until it gets to the bank.

I'd rather trust myself to keep my computer secure than trust Bell to keep my line "secure".