Press Releases

Device Insecurity: U.S. Personal Information, Passwords, Medical Data at Risk if Digital Keys to Devices are Made Widely Available, According to CompTIA Research Study

Sep 26, 2017

At Stake: Legislation That Could Affect Whether Hackers or Unscrupulous Repair Shops Gain Access to Private Information without Device Owner’s Knowledge or Consent

DOWNERS GROVE, IL – Millions of Americans increasingly store personal information – such as banking information, passwords and medical data –  on their devices, raising privacy and security questions about state legislative efforts to require electronics manufacturers to provide all repair shops with access to source information that could compromise those devices, according to new CompTIA research released today.

At issue is legislation in Massachusetts, Tennessee and other states that would require electronics manufacturers to offer the “digital keys” that unlock access to the inner workings of devices. Once compromised, that could lead to hackers and unscrupulous actors accessing information without the device owner’s knowledge or consent.

CompTIA research shows the scope of the problem:

  • 28 percent of consumers have banking or financial information on their devices.
  • One in four have passwords saved in a file or app on their smartphones/computers.
  • Nearly 15 percent have health insurance or medical information.
  • 77 percent have contact and other personal information on family, friends and co-workers.

The security and personal privacy challenge will only grow in coming years as millions of interconnected devices interface and communicate with each other – from the Internet of Things (IoT) to Autonomous Vehicles to Smart Cities and Artificial Intelligence.

“The last thing a person wants is for a bad actor to get access to their personal information because a family, friend or co-worker compromised their devices by allowing an unauthorized repair shop to tinker with their device,” said Liz Hyman, executive vice president of policy advocacy for CompTIA. “We must ensure that protections are in place that balance the needs of consumers to repair their devices while also ensuring that they remain safe and secure.”

Compromising a device has a ripple effect: from identity theft for key family members and friends to mass infrastructure outages due to IoT attacks to taking over vehicles or systems.

“Cybersecurity has to be a collective responsibility,” added Hyman. “We must ensure the right policies and regulations that don’t let a cybersecurity breach wreak havoc across society.”

The research was released as Massachusetts legislators debate a bill that would require manufacturers to share “repair technical updates, diagnostic software, service access passwords, updates and corrections to firmware, and related documentation, free of charge and in the same manner the manufacturer makes available to its authorized repair providers” with any product owner or repair shop.

The legislation appears to go against the goals of U.S. consumers, who want to make cybersecurity paramount above all else. The CompTIA survey revealed that safety and security are consumers’ highest priorities. More than 80 percent would be apt to choose safety and security over price and 65 percent would probably choose safety and security over convenience when selecting a repair shop.

In addition, a net 80 percent of U.S. consumers are concerned about privacy and security breaches at smartphone or computer repair shops. Despite the perceived risk, consumers seemingly do not have the means to protect themselves as 85 percent are concerned that they are unable to assess the reliability, professionalism and trustworthiness of repair shops and repair technicians.

CompTIA conducted an online survey of 1,000 U.S. consumers during the week of September 18th.  It has a margin of error of +/- 3.2 percentage points.

CompTIA: Building the Foundation for Technology's Future
The Computing Technology Industry Association (CompTIA) is the world's leading technology association, with approximately 2,000 member companies, 3,000 academic and training partners, over 100,000 registered users and more than two million IT certifications issued. CompTIA's unparalleled range of programs foster workforce skills development and generate critical knowledge and insight – building the foundation for technology’s future. Visit CompTIA onlineFacebookLinkedIn and Twitter to learn more. 

Contact:
Preston Grisham
CompTIA
pgrisham@comptia.org
202-682-4458