Nothing is more terrifying than realising that the personal and sensitive images you had hidden on your phone have been uploaded to the Internet and are visible to the public. It’s much worse when the occurrence occurred as part of what should have been a reliable mechanism between a consumer and a reputable organisation. At least two Pixel phone owners have lived in a nightmare for the past few days, but Google has confirmed that Google workers or authorised repair experts did not trigger it.
When you send your phone over to someone else for repairs, there is always a danger, which is why most businesses insist that you only utilise services that they have vetted and authorised. Sending the device by mail adds risk, as anything can happen between point A and point B. Most individuals are concerned about their phones being delayed, damaged, or lost, but few anticipate their phones being hacked.
There was a lot of speculation about what caused these incidents, but the common thread was sending broken and unsecured Pixel phones to be repaired by mail and then having the patched phones broken into. The worst-case scenario involved an unnamed Pixel owner whose wife’s compromising images were shared on social media. That was the unfortunate case for two Pixel phone owners, including Jane McGonigal, a game designer and novelist whose tweets helped bring much-needed attention to the occurrences.
The authorised repair facilities involved, both of which were purportedly based in Texas, were inevitably blamed. On the other hand, Google has issued an official response to The Verge rejecting such allegations. It stated “confidently” that it had nothing to do with its Return Merchandise Authorization, or RMA, process, which is used to send a broken phone to be repaired. Regrettably, it does not delve into greater depth on the subject.
The subject of where the hijacking took place remains unanswered. Google will provide special instructions for consumers who are unable to wipe their phones before shipping them away, according to McGonigal. The Pixel phones didn’t usually work in both cases, preventing the users from performing the suggested factory reset. PINs or passcodes were not used to protect either.
These planned guidelines could go a long way toward securing broken phones before they’re mailed in for repairs, but that assumes that owners will follow them or are even aware of them. It is also Google’s responsibility to ensure that every step of its RMA procedure is secure, even if the phone hasn’t been secured, particularly at these times when mail-in services may be more secure.
Source: theverge | Jane McGonigal