back to article PC rental store hid secret spy hardware in laptop, suit says

A Wyoming couple has filed a federal lawsuit claiming a computer they purchased came with secret spying hardware that allowed the seller to monitor their every move. According to the complaint, Brian and Crystal Byrd first learned of the snoop device when they received a visit at home from a manager of the local Aaron's rent-to …

COMMENTS

This topic is closed for new posts.
  1. kain preacher

    Wow

    I hope they take the company to the cleaners .

  2. Anonymous Coward
    Heart

    Can anyone at El Reg...

    PLEASE find out what the hell this device is, is it using SMM, AMT or some other Intel technology as alleged and is it really that hard to remove?

    1. Jason Rivers
      Coat

      it can be removed....

      .... Just give me a big hammer :)

    2. richard 7
      FAIL

      I thought that too

      I also thought, to paraphrase....

      'He's making it up as he goes along'

      I doubt there is any motherboard mod involved. Possiby tie ins to the management function in some lan cards but those machines are normally Broadcom chips. More likeley its some clueless oik misunderstanding whats going on. Its a shame as TBH the company is in the wrong, but if he insists on this line he may well loose just on the basis of it being proven to be bollocks :(

      Oh, And soldered to the motherboard = impossible to remove? Hmm, better recall all those laptops repairs I've done and tell the owners they were impossible.

    3. CaptainHook
      FAIL

      Easy Installation

      I don't know about you but easily installation (as advertised on the DesignerWares website) and soldering stuff to the motherboard in a laptop (so very little spare space) doesn't really go hand in hand.

      I bet this is just software running on a hidden partition, if it can restore Windows (another claim for the website) then it must have access to reasonably significant amount of storage which again points to hidden partitions.

      If it is just software running in a seperate partition to the OS, then a simple reform of the primary disk should clean it out.

      1. Anonymous Coward
        Stop

        Re: Easy Installation

        Remember Computrace and their LoJack? Fairly easy to install but hacking together custom BIOS image to fully get rid of it is not for the faint hearted.

        Also, read about Intel AMT: http://en.wikipedia.org/wiki/Intel_Active_Management_Technology

        Fully switching it off requires one to fiddle with a jumper on a motherboard and it's fully capable of re-installing your chosen software agent on any OS.

        Now, I don't think so this particular product does all that because the company doesn't seem reputable. But you never know.

  3. jake Silver badge

    People convicted of this kind of invasion of privacy atrocity ...

    ... should be placed in stocks in public squares, with a ready supply of rotting fruit for passers by. And then taken out behind the barn and whipped. And then jailed for at least a decade.

    1. Anonymous Coward
      Anonymous Coward

      I smell bullshit.

      The line about it being soldered to the mobo sounds like bullshit to me, I think this is purely software driven and talking about a physical device it's just spin to make people believe a simple OS reinstall wont remove it.

      1. Thomas_Kent
        Big Brother

        Or...

        it could be the lawyer just throwing everything+the kitchen sink at it to see what sticks.

        Big (Corporate) Brother is watching you.

  4. datadog

    Hold the computer manufacturers responsible for these spycams.

    Who asked Acer, et al, to install this garbage on their PCs? There is no status indicator of any sort, to alert you that it's turned on. There are no on/off buttons -- no control interface whatsoever. I had to go into device manager to disable the spycam. Even so, I'm never sure if it's turned on when I visit a website, chatroom, or message board.

    If you choose to be in pictures, webcams with USB connectors are readily available for $15, which allow YOU to decide if and when the webcam should be turned on.

    Meanwhile, these laptop manufacturers should be listed as co-defendants in any class action against Aaron's, as they are at least as culpable.

    1. Ragarath
      WTF?

      Conspiracy much?

      Oh come on, should they remove all input devices on the machines. After all, they can all be used to record what you are doing on the computer in question.

      It is the software that is at fault here not the hardware. If your that fussed about it do a clean wipe when you buy your laptop and install a vanilla OS (you should do this anyway to get rid of the bloat.)

      If your visiting a website / chat room that is activating your camera I suggest you check on your security practices as well.

      The firmware may have something if they can really be arsed with it but come on what would be the point?

      1. datadog

        Not all Ragarath

        Just this one. The two others that are built in -- keyboard and CDDVD/RW -- both require user input to function. Typing for the former, and insertion of a disc for the latter.

    2. serviceWithASmile
      Linux

      sigh

      is this a troll?

      assuming not, please read the article prior to posting, thankyou.

      going on what you've written you seem to be confusing a built-in webcam on a laptop with some malicious [soft/mal/firm]ware that abuses said webcam to take the privacy-invading pics.

      the cam is just hardware that is there to use as / when you choose, whereas here it seems another device or some clever software (neither the article nor the manufacturer is clear about that) is abusing that hardware to achieve this result. So far, this is contained to this particular Arran's store rather than, as you imply, all laptops.

      suing acer for this would be like suing canon for invasion of privacy when pictures of celebs appear in magazines, rather than the photographer who took them.

      not all laptops blatant spying devices - crysis averted, world still OK, bin laden dead.

      nothing to see here...

      if this doesn't reassure you, install linux.

      1. datadog

        More like installing a camera in your restroom

        A chap across the pond is doing time in the slammer for doing just that.

        http://www.google.com/url?sa=t&source=web&cd=2&ved=0CBwQFjAB&url=http%3A%2F%2Fnate-shaw.com%2Freal-estate-news%2Freal-estate-former-real-estate-mogul-headed-to-jail%2F&ei=KW_ETbyBFYT4sAOyr8m_AQ&usg=AFQjCNElW59qHTwW8E2JVBBYPGhId9pAMg

    3. philpem
      Boffin

      Easily fixed...

      Gaffer tape to the rescue!

      A wee bit of tape over the camera, and they won't be able to see a damn thing.

      Except, of course, the screenshots from your bank's Online Banking webby-sitey thingy. Oh, and that nice little key-logger dump of you logging into online banking in the first place.......

      1. datadog

        A built in shutter blind designed by the manufacturer would be better.

        Don'tcha think? ;)

    4. dssf

      Cams & Mics

      That's why you place black electrical tape (or chassis-color-matching tape) over the cam & mic pin hole.

      As for mobo chips, I personally suspect they are ALL chipped per various nations' security and backdoor implementation laws. Most people won't suspect and some won't care. Those who do will just have to be careful just in case they are someday monitored. But, for all we know, those chips and software could be keystroke havens waiting to be activated on remote command. The disk drives are huge enough to hide highly compressed invisible partitions to capture and to store key words. Imagine if that were so, then the next likely event would be surreptitious slipstreaming of a few hundred kb here and there until the periodic booty lift is made.

      i bet ms recovery partitions are an excellent LE and hacker/cracker trove.

  5. Anonymous Coward
    Flame

    Hang 'em high

    If this is true, the company concerned deserve a severe roasting or worse. I'm not too impressed with the developers either ; there can't be any legitimate reason for such capabilities to be installed in devices for the use of a private company, so they are on dodgy ground selling the stuff.

    And as AC 05:03 says, can anyone shed some light on the technology used? Very interesting if there are specific capabilities built into the chipset/motherboard.

  6. Neil Barnes Silver badge
    Boffin

    Soldered to the motherboard?

    Or a small hidden application that just activates the built-in camera? *One* of these approaches is much simpler than the other...

  7. PerfectBlue

    Again?

    I wonder if there is a forum available that tells users how to block this system using the Firewall feature built into most quality home networking kit?

    Personally, my money is on the rental company having "disclosed" the tracking feature in the small print (in some totally obscure and non obvious way).

  8. Drefsab

    hmmm

    I wonder how it works, if it use the network then it would be simple enough to set a firewall that blocks and logs it to see what its doing. If its using 3g then its going to need some form of sim card which can be removed.

    Plus what happens when someone is using say linux surely this device to capture the mentioned information would have to interface with the OS on some level.

  9. Drefsab

    odd

    also their website mentions nothing about any hardware device, it sounds far more like a software package installed on-top of the operating system (ie childs play to remove).

  10. Anonymous Coward
    Pint

    Hmmm...

    "According to the suit, the PC Rental Agent device can't easily be removed from computers because it “is soldered into the motherboard and/or is part of the Intel chipset.” It can be deactivated only with the wave of a wand that isn't available to the public."

    Bollocks........Until proven otherwise....

  11. Anonymous Coward
    Anonymous Coward

    Hmm I wonder if my sofware is illegal?

    I've installed a script on my laptop that takes a snapshot every 10 seconds for 2 minutes when its booted up. These are sent to an email account as they are taken.

    The reason? No matter how security conscious I am there is always the possibility that some thieving bastard will manage to get their hands on my laptop. I might not be able to stop them but at least with this I might catch them afterwards.

    1. Lamont Cranston

      I trust that if you were to sell your laptop,

      or lend it to a friend, you'd at least let them know about your anti-theft measure, and show them how to disable it?

    2. Cameron Colley

      Why pictures?

      Do you know all the local crims and where they live and hang out? Also, how do you know the machine will be internet connected before the OS is wiped?

      1. Alpha Tony

        @Cameron Colley

        Just what I was thinking..

        In fact the only way to give the script a chance would be to have no OS password (as if it was password protected they'd almost certainly just format it without connecting to the web), which would in turn put all your data at risk....

  12. A J Stiles
    Coat

    WTF?

    How did that survive an OS reinstallation?

    I mean, the purchasers did reinstall the OS as soon as they got the box home ..... didn't they?

    Mine's the one with the folder of assorted Linux Live CDs in the pocket.

    1. Pawel 1

      Welll...

      You should read some horror stories about Computrace LoJack...

    2. richard 7

      Not hard. Malware can.

      Its not too difficult. Unless specifically told to Windows wont format a partition on install. OK XP asks but vista onwards wont and just goes over the top. This means alsorts can survive and indeed I've had Malware survive hidden in folders and the MBR. I should imagine bunging an autorun.ini in a hidden partition could be used to affect something similar. If the drive is properly formatted and not quickformatted/overwritten it becomes harder but you are assuming something didnt become resident when you booted from the cd. You assume that the BIOS booted the CD and not some nasty little bit of software thats made it look like the bios did it and is now in residence ready to drop itself down to the disk again.

      Hidden flash drive/SD card? theres the soldered to the board angle and its something we use on our embedded systems for a recovery os system. SD card in the system then the hole covered with a rubber bung. I notice a few laptops of late (I'm looking at dell here) have had embedded flash.

      There are a myriad of evil ways to keep things ticking over if you are determined and savvy enough although as previously posted, I dont think these guys are. My bets are on a simple hidden partitionand a linux/hirems based disk erase will nuke it.

  13. karl 15
    Black Helicopters

    Tip of the iceberg

    This is only a small percent of what PC users know.

    Remember the games console that had a chip that could be turned in to a mic

    Remember Eastern Europe, a free phone in every home = a mic in every home.

    And now we have PC's in almost every home... free laptops anyone?

    The hardware still needed software to drive it, so what was the anti spy-ware, anti virus software doing then???

    1. ArmanX
      Thumb Up

      Free laptops?

      I'll sign up for that! It's like any other hardware given away... five minutes in, I'll have that thing stripped of any 'call home' software, and another new toy :-D

      So if you see any free laptops, let me know... ;-)

  14. Anonymous Coward
    WTF?

    Plausible, but...

    This was sort of plausible until I got to “is soldered into the motherboard and/or is part of the Intel chipset.”

    Googling revealed a "www.pcrentalagent.com" website, but our company firewall flags it as a malicious site, not to be visited, so I didn't look further.

  15. Mark Berry
    WTF?

    What am I missing?

    So, the store manager went to visit them about missed payments, which the couple claim they had not missed. At some point they must have claimed they had not been using the computer, so the manager said "Ah ha, but you have, we have this picture of you using it on xyz date and time." or something along those lines I'm guessing?

    If they had made the payments, why didn't they just show the bank statements proving it, in which case the manager, unless he was a complete idiot, would never have gotten to the point of showing them the picture.

    There seems to be something missing, or I'm missing something. Or maybe the manager really was that stupid.

  16. Big_Boomer Silver badge
    Alien

    Stupid people

    What on earth makes people think that Webcams are a good idea?

    I have one built into my work laptop and it is disabled using Device Manager so no matter what software is installed it won't work.

    I'm sure it is possible to re-enable it if ya know what yer doing but not likely.

    I often wear a tin hat as well to keep the aliens from scrambling my brain! <LOL>

    1. Pawel 1
      Coat

      "it is disabled using Device Manager so no matter what software is installed it won't work."

      Not exactly. Even if there weren't other methods available, how hard do you think it is for some software to re-enable all devices of the type "camera"?

      http://stackoverflow.com/questions/1438371/win32-api-function-to-programatically-enable-disable-device

      Mine's the one with a pack of blu-tack in the pocket.

  17. GettinSadda
    FAIL

    Does not compute!

    According to the site linked from your article:

    a) This is a software-only solution - no hardware is installed

    b) The software allows remote disabling of the PC and also (if required) pressing F3 (presumably during boot) will restore a clean Windows image.

    So, no mention of webcams, screenshots or added hardware.

    Something is very fishy here.

    1. Maty

      thank you

      After reading the story, I too went to the Rental Agent site. The service described there in no way resembles the stuff described in the article.

      There's a total disconnect between what this company says it does and what it is alleged to have done. If I were a lawyer, I'd be sharpening my writs.

  18. Christoph

    "Because we can"

    Someone had a 'bright' idea, and they just went ahead with it. Because it was possible. Because they could track what their customers were doing and hard-sell them even more stuff.

    And not one single person stopped for a moments thought and then said "Are you out of your tiny little minds?"

    1. dave 46

      Not for tracking habits

      But for identifying where your machine is when the guy renting it disappears.

      It's not unreasonable but should 1) be up front about it and 2) strictly controlled and only used when the rental agreement is breached.

      To be legal the agreement would need to be explicit and that might well tip off the user (i.e. if they decide to nick it, the'll wipe the HD before doing anything else - soldered to the motherboard my arse).

  19. timrusti
    Thumb Up

    Blu-Tack is your friend

    Simple solution. Small blob of Blu-Tack on your laptop's webcam & mic will foil even the NSA!

    1. datadog

      Why should someone have to deface his property with goo or tape?

      Just to ensure this unwanted POS isn;t spying on them? Most users don't want this on their laptops, and have never asked for it.

      If these computer companies have excess change burning holes in their pockets, why not spend it on upgrading the usually-abysmal customer support, or providing genuinely desired features such as illuminated and spill-resistant keyboards, and fingerprint security -- features that currently only show up on their most expensive notebooks?

      For THIS problem -- which they've wholly created -- computer manufacturers should rewrite their drivers to include a control interface, a status indicator, and a shutter for the camera lens. Don'tcha think? ;)

  20. Captain Scarlet

    hmm

    Did it turn out they had paid their rental agreement? All it said was they were behind on payments?

    1. datadog

      They paid.

      "Crystal and Brian Byrd found this out the hard way in 2010 when they rented a Dell Inspiron laptop from Aaron's, which they paid off in full in October of 2010—one month ahead of schedule. Aaron's didn't record the last payment correctly, however, leading an Aaron's store manager to show up at the Byrd home in December in order to repossess the computer. The store manager then produced a photo of Brian Byrd using the machine, taken with the Inspiron's webcam, as apparent "proof" that the Byrds were still using the computer.

      The Byrds ended up calling the police, and an investigation later concluded that Aaron's "routinely installed the PC Rental Agent" on all of Aaron's rent-to-own computers. Law enforcement confirmed that the product indeed permitted the company to routinely take webcam photos, screenshots, and log the keystrokes of its customers without their knowledge or consent. "

      Here's the article http://arstechnica.com/tech-policy/news/2011/05/lawsuit-computer-rental-store-aarons-spied-on-users-at-home.ars?comments=1&p=21608023#comment-21608023

  21. dssf

    Cams & Mics, 2

    Unfortunately, screen scraping and stream ripping cannot be stopped by black tape...

  22. Framitz

    hardware?

    "Now you can. PCRental Agent® is software that you can install on all your rental computers that can be remotely managed from our website and allows you to lockdown a customer’s computer. Once locked, the computer cannot be used until they enter a password. Since you control when the computer gets locked and the password, customers will need to contact you and you can control when they get the password to unlock the computer. No more broken commitments, skipped customers, stolen computers. "

    Somebody is making crap up concerning a device attached to the motherboard..

  23. EJ
    FAIL

    "the North East, Pennsylvania company"

    Erie is located in northwestern Pennsylvania, not northeastern PA.

This topic is closed for new posts.

Other stories you might like