Millions of Americans increasingly store personal information on their devices, raising privacy and security questions about state legislative efforts to require electronics manufacturers to provide all repair shops with access to source information that could compromise those devices, according to new CompTIA research.

At issue is legislation in Massachusetts, Tennessee and other states that would require electronics manufacturers to offer the “digital keys” that unlock access to the inner workings of devices. Once compromised, that could lead to hackers and unscrupulous actors accessing information without the device owner’s knowledge or consent, the research said.

According to CompTIA research:

• 28 percent of consumers have banking or financial information on their devices.
• One in four have passwords saved in a file or app on their smartphones/computers.
• Nearly 15 percent have health insurance or medical information.
• 77 percent have contact and other personal information on family, friends and co-workers.

“The last thing a person wants is for a bad actor to get access to their personal information because a family, friend or co-worker compromised their devices by allowing an unauthorized repair shop to tinker with their device,” said Liz Hyman, executive vice president of policy advocacy for CompTIA. “We must ensure that protections are in place that balance the needs of consumers to repair their devices while also ensuring that they remain safe and secure.”

Compromising a device has a ripple effect: from identity theft for key family members and friends to mass infrastructure outages due to IoT attacks to taking over vehicles or systems, CompTIA said.

“Cybersecurity has to be a collective responsibility,” added Hyman. “We must ensure the right policies and regulations that don’t let a cybersecurity breach wreak havoc across society.”

CompTIA said the research was released as Massachusetts legislators debate a bill that would require manufacturers to share “repair technical updates, diagnostic software, service access passwords, updates and corrections to firmware, and related documentation, free of charge and in the same manner the manufacturer makes available to its authorized repair providers” with any product owner or repair shop.

According to CompTIA, the legislation appears to go against the goals of U.S. consumers, who want to make cybersecurity paramount above all else. The CompTIA survey revealed that safety and security are consumers’ highest priorities. More than 80 percent would be apt to choose safety and security over price and 65 percent would probably choose safety and security over convenience when selecting a repair shop.

In addition, a net 80 percent of U.S. consumers are concerned about privacy and security breaches at smartphone or computer repair shops. Despite the perceived risk, consumers seemingly do not have the means to protect themselves as 85 percent are concerned that they are unable to assess the reliability, professionalism and trustworthiness of repair shops and repair technicians, said CompTIA.

https://www.comptia.org/about-us/newsroom/press-releases/2017/09/26/device-insecurity-u.s.-personal-information-passwords-medical-data-at-risk-if-digital-keys-to-devices-are-made-widely-available-according-to-comptia-research-study