Rental computers spied on and photographed users, FTC claims
Posted on 26 September 2012.
Seven rent-to-own companies and a software design firm have agreed to settle Federal Trade Commission charges that they spied on consumers using computers that consumers rented from them, capturing screenshots of confidential and personal information, logging their computer keystrokes, and in some cases taking webcam pictures of people in their homes, all without notice to, or consent from, the consumers.

The FTC named DesignerWare, a company that licensed software to rent-to-own stores to help them track and recover rented computers. The FTC also reached settlements with seven companies that operate rent-to-own stores and licensed software from DesignerWare.

DesignerWare’s software contained a “kill switch” the rent-to-own stores could use to disable a computer if it was stolen, or if the renter failed to make timely payments. DesignerWare also had an add-on program known as “Detective Mode” that purportedly helped rent-to-own stores locate rented computers and collect late payments. The software also collected data that allowed the rent-to-own operators to secretly track the location of rented computers, and thus the computers’ users.

When Detective Mode was activated, the software could log key strokes, capture screen shots and take photographs using a computer’s webcam. It also presented a fake software program registration screen that tricked consumers into providing their personal contact information.

Data gathered by DesignerWare and provided to rent-to-own stores using Detective Mode revealed private and confidential details about computer users, such as user names and passwords for email accounts, social media websites, and financial institutions; Social Security numbers; medical records; private emails to doctors; bank and credit card statements; and webcam pictures of children, partially undressed individuals, and intimate activities at home.

In its complaint against DesignerWare, the FTC charged that licensing and enabling Detective Mode, gathering personal information about renters, and disclosing that information to the rent-to-own businesses was unfair, and violated the FTC Act. The agency also alleged that DesignerWare’s use of geolocation tracking software without first obtaining permission from the computers’ renters and notifying the computers’ users was unfair and illegal. It charged that providing the rent-to-own operators the means to break the law was unfair, and providing the fake registration forms to obtain consumer data was deceptive.

The seven rent-to-own companies were charged with breaking the law by secretly collecting consumers’ confidential and personal information and using it to try to collect money from them. Use of the bogus “registration” information was deceptive, the FTC alleged.

The proposed settlement orders will ban the software company and the rent-to-own stores from using monitoring software like Detective Mode and will ban them from using deception to gather any information from consumers.

They also will prohibit the use of geolocation tracking without consumer consent and notice, and bar the use of fake software registration screens to collect personal information from consumers. In addition, DesignerWare will be barred from providing others with the means to commit illegal acts, and the seven rent-to-own stores will be prohibited from using information improperly gathered from consumers in connection with debt collection.

“An agreement to rent a computer doesn’t give a company license to access consumers’ private emails, bank account information, and medical records, or, even worse, webcam photos of people in the privacy of their own homes,” said Jon Leibowitz, Chairman of the FTC. “The FTC orders today will put an end to their cyber spying.”

Those named in the FTC’s complaints include DesignerWare; its principals, Timothy Kelly and Ronald P. Koller, individually and as officers of DesignerWare; Aspen Way Enterprises; Watershed Development; Showplace, doing business as Showplace Rent-to-Own; J.A.G. Rents, doing business as ColorTyme; Red Zone, doing business as ColorTyme; B. Stamper Enterprises, doing business as Premier Rental Purchase; and C.A.L.M. Ventures, doing business as Premier Rental Purchase.





Spotlight

Windows 0-day exploited in ongoing attacks, temporary workarounds offered

Posted on 22 October 2014.  |  A new Windows zero-day vulnerability is being actively exploited in the wild and is primarily a risk to users on servers and workstations that open documents with embedded OLE objects.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 23rd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //