Skip to main content

Songs on the Security of Networks
a blog by Michał "rysiek" Woźniak

Of malware, hot steam, privacy, using one's brain and paedoparanoia

This is an ancient post, published more than 4 years ago.
As such, it might not anymore reflect the views of the author or the state of the world. It is provided as historical record.

So I read today about an Apple Service employee that installed malicious software on his female customers’ lappys. The software then asked for the lappy to be placed “near hot steam”(!) to “clean an internal sensor”.

Guess what. Ladies then actually took their lappys to the bathroom while they were taking showers. Yes, nude photos were made with the built-in webcam – that was the whole idea.

Now, in the later section of the linked article one can read that for instance Geek Squad has a policy of searching their customers’ computers and reporting any and all allegedly illegal material found. That means (among others) child pornography, obviously.

The Perfect Storm

Okay, let’s go out on a limb here and imagine what could happen with those combined:

  • a 14yo girl’s father takes her MacBook to an Apple Service where, incidentally, our little “voyeur” works;
  • lappy gets a servicing and some malicious software treatment;
  • back at home, the 14yo daughter gets the “place near hot steam” message and promptly – probably after consulting her father – takes her MacBook to the bathroom while taking a shower;
  • nudie pics are made – those qualify as child porn;
  • some time later the father, for one reason or the other, takes the MacBook to Geek Squad;
  • GS finds alleged child porn and reports the father to the authorities.

Prosecution, persecution and stigmatization ensue. Family is ruined. Father is finally found not guilty, but after many years of trial and being treated as a paedophile. Probably loses his job and acquintances in that time.

What went wrong

Obviously the guy in the Apple Service shouldn’t have installed the malware. But that’s just the tip of the iceberg, and that is what is really scary.

First of all, people should have some minimal understanding of the technology they use, and make some use of their brains. I’m not talking about understanding how a NOR gate in a CPU works, I’m talking about “electronics and hot steam? that doesn’t sound right” kind of mental process.

Secondly, come on, when you’re sending your electronic device for service, you should at least clean it up a bit (if that’s possible, obviously); nobody will respect your privacy if you yourself won’t.

Then there’s the Geek Squad sifting through people’s private stuff. It’s as if you ask a plumber to fix the drain and he starts looking in your basement for clues of a possible murder. His job is to fix the darn drain, not to be a self-appointed criminal investigator, and if he thinks otherwise, well, that’s trespassing – isn’t it.

And finally – but I guess most importantly – the continuous paranoia about paedophiles everywhere. This is exactly what apparently justifies the Geek Squad to invade ones privacy during PC servicing; this is exactly what causes the father to be stigmatized, family to be destroyed, before the verdict is brought in. This is what changes “innocent until proven guilty” into “paedophile once alleged”. This is what caused a paediatrician to be harassed and driven out of her home, seeking police protection, after a mob mistook “paediatrician” for “paedophile”.

This, and not using ones brain.