Rental laptops equipped with spyware that can covertly activate the webcam and take screenshots

A furniture rental chain called Aaron's Inc. is being sued for allegedly installing hardware- and software-based spyware on the laptops it rented, and using them to log keystrokes, take covert webcam photos and screenshots, and transmit them to the company's offices. The suit was brought by Brian and Crystal Byrd, whose payments for their rented laptop were allegedly pocketed by a corrupt employee; the employee's manager believed that they were in arrears on their laptop payments, so he came to their home to repossess the machine, and stressed the seriousness of his claim by showing them photos of the couple that had been covertly snapped with the machine's webcam.

The Byrds have initiated a class-action suit on behalf of other Aaron's customers who've been spied upon by their rented laptops. They emphasize their distress at the idea that photos of them and their underage children, undressed or partially clothed, might have been taken and transmitted to Aaron's without their knowledge or consent. I assume the case will also make reference to banking passwords, privileged attorney-client communications, and other confidential material that Aaron's had the potential to intercept.

That's when the Byrds contacted police, who, their attorney said, have determined the image was shot with the help of spying software, which the lawsuit contends is made by North East, Pa.-based Designerware LLC and is installed on all Aaron's rental computers. Designerware is also being sued.

"It feels like we were pretty much invaded, like somebody else was in our house," Byrd told the AP. "It's a weird feeling, I can't really describe it. I had to sit down for a minute after he showed me that picture."

Aaron's, which also manufactures furniture and bedding, said it believes that none of its more than 1,140 company-operated stores had used Designerware's product or had done any business with it.

Pa. suit: Furniture rental co. spies on PC users (via Consumerist)


  1. That last paragraph is a pretty important detail, and suggests that the spyware might not have come from the furniture store.

    Unless their legal team are absolute idiots, it makes very little sense to make such a claim, unless it’s true. A few subpoenas would very easily show the relationship between Aaron’s and Designerware if it exists. Obviously, such a bold-faced lie would look very, very bad to a judge and jury, and would likely spell doom for the company.

    Let’s let the courts do their job before slandering this company.

    1. That last paragraph is a pretty important detail, and suggests that the spyware might not have come from the furniture store.

      Yes, of course, the manager’s images came from Wikileaks, which has been clamoring for information regarding computer repossessions by US consumer electronics stores for some time now.

    1. Last time I bought a Dell, I did it on monthly payments of about $20. If I doubled my payment and paid it off within 18 months, there was no interest at all.

        1. That’s my point; they could have bought for less than they were paying to rent.

  2. Seriously, who would rent a laptop? You can get a pretty nice new laptop for $400. You can get them used on e-bay for probably starting around $100. Not to mention the troubles of getting data off the thing once you want to bring it back, or worrying what will happen to that data.

  3. Obviously the store manager knew of the software since he had the pictures.

    But how was he using the pictures to ostensibly show the couple was “in arrears” on their payments? There was a photo of them NOT signing a check every month, perhaps? I don’t’ get it.

    1. Apparently the photo was used as evidence that the customers were using the computer after they had stopped making payments.

      Not sure why that would be significant, either they’re paying for it or they’re not, but that’s the logic that was presented in some of the news coverage of the incident.

      1. My first assumption would be that the manager was showing them the photo in a simple attempt at intimidation- “Don’t mess with us ’cause we have the goods on you.”

        Clearly, some people in the company knew about it, because they paid for the software. Now it becomes a game of “who knew what and when”- so naturally the company cops the Sgt. Schultz defense, and as long as nobody talks, they’re safe.

    2. There was a photo of them NOT signing a check every month, perhaps? I don’t’ get it.

      This is exactly what ran through my mind when I was reading that bit of the article.

      Funny and sad how stupid people can be (the manager I mean).

  4. I’m most offended that Aaron’s picked a dog as a mascot. What a terrible name for a dog.

  5. What if… they agreed to ‘transmission of data’ in the EULA/rental contract they signed?

  6. Rule 4: If you are going to be partially clothed in front of a computer put a piece of tape (no not transparent) over the camera.

  7. I agree that we should wait for the evidence, but the claim seems plausible. A similar article on the PC Magazine website has the following:

    “An investigation determined that Aaron’s routinely equips its rental computers with a PC Rental Agent to remotely monitor the devices. The PC Rental Agent, a product of Pennsylvania-based DesignerWare LLC, is capable of logging key stokes, taking screenshots, and snapping webcam pictures. It can also lockdown and track a computer to add in a device’s return in case on non-payment. The Byrds are also suing DesignerWare.”,2817,2384885,00.asp

    The article isn’t clear if these are just allegations by the plaintiff’s investigators, or if PC Magazine has independently verified this information. Regardless, it should be pretty easy to prove in litigation, if true.

    The website for PC Rental Agent looks pretty sketchy, by the way. It doesn’t mention the ability to access the webcam, but it does discuss lots of other ways that it’s locking down the computer. My favorite part is the FAQ:

    “Q. Should I tell customers about PCRental Agent?

    “A. That’s up to you; some rent-to-own dealers like to make their customers aware of it thinking this will help defer them from doing acts that would force them to activate the Agent. Others don’t reveal it.”

  8. What about people who have a laptop assigned by their workplace, which owns it, a laptop used by the employee for their personal stuff as well as work stuff? Is there a way to tell if it has such spyware? And, upon returning it, is there a way to strip all info from it?

    1. I always assume that a work-assigned computer has software similar to this. Work computer and my personal computer with my personal information are very separate things. This is also why I don’t make personal calls from a work-provided cell phone.

      As to whether you can uninstall all your stuff when you hand it back? Well, you can certainly try, but unless you actually rewrite over all the sectors on the hard drive, your stuff can likely be pulled back with readily available recovery software.

      As Kwame Kilpatrick will tell you, ya gotta keep it separated.

      1. Depending on the workplace, absolutely. All our laptops at work have Prey installed on them, unremovable by a user. If a user has a laptop permanently assigned to them, I’ll explain to them what it is and what it involves: If their laptop gets lost/stolen, they’re to notify me immediately so we can get as much data as possible. If they leave the company without returning the laptop, it will be Activated and the computer will be essentially unusable (until they re-install). I mention that the webcam has a little light next to it, and that if it’s ever on without them activating a cam they should let me know immediately. We have all our iphones hooked up to ‘find my iphone’ with the same setup.

        It’s a tricky sort of issue to manage. It’s come in useful a few times for recovering hardware and wiping what’s truly lost, but there’s no real accountability in ours. If I went in and just watched the gps co-ordinates of iphone users, there’s nothing to stop me. If I wanted to take screenshots of work laptop screens with Prey, there’s no uneditable admin log that’ll note down what I do to be reviewed later on by superiors.

        We’re just a smallish non-profit (I’m the only IT guy), but we still need that accountability that’s so hard to find in cheaper products. I want to be able to back our use of the systems with hard data showing exactly when and how they’ve been activated, both to cover my own arse and to make sure the company is safe when I eventually leave and somebody replaces me.

    2. I’ve been in corporate IT for over a decade, and I’ve seen it all.
      People shipping their laptops back to the PC support guys for work with porn DVD’s still in the player. One guy had gigs of x rated movies on his laptop that he BACKED UP to a file server. Naked photos of people. And yes, unicorns (seriously).
      To answer your 3 questions:
      Don’t put stuff you wouldn’t want anyone to see on there.
      Yes, but it’s doubtful they installed anything. I’ve never seen that even at government contractors, big pharma or health care companies.
      Yes, but a lot of companies frown on people wiping their hard drives before surrendering a PC back to them, especially if HIPAA rules or some such thing applies where one works, etc.. Generally it’s email they are after (and everyone uses Exchange and that’s backed up nightly) or data that was stored on a file server (which is also backed up nightly).

      1. I don’t recall ever seeing a clothed unicorn, so the idea of naked unicorns puzzles me. Shaved unicorns perhaps? And of what gender? Owing to the phallic connotations of a single horned mythic beast I’ve always assumed, until just now anyway, that all unicorns were male. Hmmm. I guess I’m uni-curious.

  9. The spying is messed up, but why would you rent a laptop? Reminds me of those ‘no credit’ pcs advertised on tv. “No money, no credit, no problem! Just pay us $49.99 debited directly from your checking account for the next 60 months and we’ll give you a $500 computer. Heck even throw in a free printer.”

  10. You’re outraged now? Consider how this will play out:

    — A class-action suit will be filed on the behalf of, say, 10,000 customers.

    — Aaron’s will settle for $500,000.

    — The plaintiffs’ lawyers will collect their standard percentage, $200,000, in cash.

    — Each of the class-action plaintiffs will receive a coupon worth $30 off their next computer rental at Aaron’s.

    The numbers will vary; the injustice will not.

  11. But but but I thought the Supreme Court ruled class action suits were unconstitutional.

    1. That’s not what they ruled at all. They ruled that companies can write contracts that preclude individuals from joining class action lawsuits against them.

      So for instance, you work at Wal-Mart and you and your co-workers are working unpaid overtime (this happened recently and a friend of mine received part of the settlement from that case). If they detail in the contract that you signed when you started working for them that you can not participate in a class action lawsuit against them, you and your co-workers would be forced to sue individually, which limits your power to do anything about it.

      Before the ruling, whether companies could do this was determined state by state, if I remember correctly, but I could be wrong.

  12. Step 1 when buying a windows machine:
    before booting it for the first, insert a Debian install CD.

  13. Their problem is simple, they weren’t named Apple’s and their Mascot wasn’t Steve Jobs. Had they done so everybody would be announcing that “Everybody does it”, and gushing about how good the pictures were, and how great the secret spying system worked…

  14. For those of you saying “don’t rent computers” – you have to remember that many people have bad credit, or no credit at all. Sometimes buying a Dell on a payment plan is not an option.

    Unfortunately, these rent-to-own places mark up the goods so that although the consumer is “not paying interest”, they are paying twice the retail value (sometimes more) of the product they are renting to own.

    However, for folks rebuilding their credit, or who need a computer so their kids can do their homework, sometimes this is the only option. I know it seems simple to tell people not to go to places like Aaron’s, but you need to remember that such places exist for a reason.

    1. They may exist for a reason, but it’s not a good reason. They’re simply to prey on the uninformed and those with poor impulse control and bad money management habits. There’s nothing you can do with a new rented computer that you couldn’t do with one picked up off Craigslist for about what one rental payment costs. Heck, asking around might net you a free computer that’s perfectly capable of running Firefox and Open Office. There’s absolutely no need for a new computer nowadays and certainly no need to pay 200 – 300% of list price for it.

      @schmod: “slandering Aaron’s rental” is as nonsensical a phrase to me as “slandering Osama bin Laden.” They are a leech upon the downtrodden in society and do nothing good for anyone but the owners of Aaron’s.

  15. Ok, for those who didn’t bother to actually read the story before making comments. Here’s a brief run-down if the facts presented in the article.
    The couple rented a laptop from Aarons.
    When they made their monthly payments, and employee pocketed the payment, and didn’t record it.
    When the manager saw they were behind on payments, he went to get the laptop, and used photos the spyware had taken to prove they were still using the computer.

    @Anon #13
    Yes, that’s how most class action lawsuits work. They are set up that way because there are a lot of ways businesses would gladly screw consumers over if the consumer had to shell out $2000 in legal fees to sue for the much smaller damages they would be entitled to. The idea is that by aggregating the cases there are enough resources for the consumers to make their case, and the collective cost discourages the respondent and other other companies from trying to screw consumers or workers that way again.

    1. Where is everyone getting the bit about the dishonest employee pocketing the payments? The article I read said “The manager tried to repossess the computer because he mistakenly believed the Byrds hadn’t paid off their rent-to-own agreement. When Brian Byrd showed the manager a signed receipt, the manager showed Byrd a picture of Byrd using the computer — taken by the computer’s webcam.” So it sounds like there was a paperwork error – the manager thought they were supposed to be making payments still, but they had actually paid it off and had a receipt.

  16. How could an employee “pocket” their payments? In a modern business with trails for every transaction?

    Were they just walking into the store and slapping down cash every month? And not getting a receipt?

  17. I guess,

    Phone or laptop, both with cameras, microphones, GPS or router/cell tower tracking – is a dream.

    It is the greatest wish that a well funded hacker, a private investigator, police detective, military intelligence, security agencies could ever have.

    It is so perfect half these people must feel like kids in a candy store.

    All you need is a willing judge, in some countries you don’t even need that and when it comes to national security – goodness.

    I’ve heard that some phones can be turned on by the telco to listen in on conversations. I’ve heard people reporting their battery time being cut in half due to spyware.

    In theory, at the push of a button you can “light up your target like a deer”, you have multiple cameras, multiple microphones, you don’t need to sneak in to put bugs under the lamp.

    This in a world where location tracking is part of the Cellphone Communication Network specifications and everybody carries a microphone in their pocket.

    Better than that some applications auto update, same way police can listen in on drug dealers they should be able to give their phones “a software update”.

    Put your selves in the place of a creative individual tasked with getting their hands on valuable information to catch a really, really disgusting person. Any programmable device is a potential goldmine plus a promotion!.

    If Social Networks don’t make their money from offering “special” access to deleted profiles and histories, friends, to “special” parties then they are not fully utilizing their capabilities.

    Also you have your ISP with all kinds of potential for deep packet inspection and, well there is no end to it. If you are already running deep packet inspection, why not save that data? (that would include all kinds of private info)

    I value privacy but, I kind of have mixed feelings on all this – bad people are easier to catch – and I like that.

    On the other hand situations like the article points out or worst yet (School used student laptop webcams to spy on them at school and home) can and do occur, this is very bad, very.

    When companies like that or just geeks send private data over the networks, intended destination is not the only place the data may end up in.

    Your Phone is not a Calculator.

    Your Computer is not like a Toaster.

    Those are far more complex devices, they are active nodes participating in a global communication network.

    (Given complexity of new smart phones, your phone is as capable as a computer, in this context. Both are equally easy to locate I am sure, thin GPS-ing/sniffing routers – mmm, I wonder why )

    Deal with it, or study it so that you can do something about it.

    Also please note that that game network getting hacked also belongs to this creepy spying business, they didn’t do it on purpose but the result is the same.

    Even if it became extremely illegal to spy this way – Blackhat Hackers would do it.

    The solution is to read up on these things a little, understand they can be used for good and evil, and get wise about it all.

    Don’t let creeps ruin all the fun,
    don’t spend all your time in the internet or phone,
    get an audiobook, (Cryptonomicon $7! on go listen to it in the park (and what out for all the creeps :)

  18. poor unicorns. . .I mean, no: wait…

    I meant: poor people. Not just the folks who have been so obviously wronged by malfeasance and shenanigans, but the poor (like no-money having) that have to use these Totally Rip Off establishments to somehow better themselves.

    Furniture rental? That sucks! Remember Remco? Same thing, but at least it was ‘rent. . .to own!’ I hope the customer eventually gets to keep their whatever-the-hell, after paying 300% markup.

    Yes, as mellowknees above stated: these places exist for a reason. But, everytime I see a Check-into-Cash! commercial or any similar usurious ‘business’ I see red.

    ‘We are providing a valuable service to the under-served in our community!’ Fine. Sure. By STEALING money from the Poorest people!!

    I suppose if by buying a crappy $300 desktop for $950 helps you build credit, then maybe that’s a good thing. In our Brave New World of Capitalism: not everyone gets to be a winner. So if profit can be made from sucking the marrow from the underclasses; I guess we should just nod in support. . .

    Fuck that! save your money! get a bank account! eat the ric. . .aahhh ferget it.

    Unicorns you say?

  19. Renting a computer might have made sense 20 years ago when a decent machine cost a couple grand. Today you can buy an very nice (dual core, dvdburner, etc) off-lease laptop for well under $300. I’ve seen dual core Dells for $199 from time to time on Woot. You’d have to be an idiot to rent.

    Not that I’m saying it’s OK to spy on idiots, but still…

  20. I’m not too smart about computers but I think if you go into “programs” you should find the spyware and remove it. If you have a windows disc just replace the windows that is on it with your own. Or you can replace the hard drive that can easily be purchased for your model. I trust no one so Ive folded a business card and propped it in front of the cam on my laptop. Key logging is so easy to remove and alot of spyware programs will find them. Aarons is not allowed to infringe on personal privacy. I suspect Aarons will be run out of business totally after all this publicity. Corruption at Aarons starts at the corporate level and has worked its way all the way down to its employees (employee pocketing payments).I personally would NEVER rent a computer from anywhere!! The programs installed on it could dammage your future that someone prior to you downloaded on it. More so…I believe there is more to this case than we are aware of. ALOT MORE. I guess we will all see if this hits the internet anymore. Corruption seems to be the American way any more these days. Spyware is a means of corruption.

Comments are closed.