Security researcher Eric Daigle discovered a commercial spyware app, called pcTattletale, on the check-in systems of at least three Wyndham hotels across the US, TechCrunch first reported. Parents often use the app to monitor their children’s online activities, and employers use it to keep track of employee productivity and internet usage.
Daigle discovered the commercial surveillance software on the hotel check-in systems while investigating consumer-grade spyware (aka stalkerware).
“PCTattletale is a simple stalkerware app. Rather than the sophisticated monitoring of many similarly insecure competitors it simply asks for permission to record the targeted device (Android and Windows are supported) on infection. Afterward the observer can log in to an online portal and activate recording, at which point a screen capture is taken on the device and played on the target’s browser.” wrote Daigle in a post. “I recently discovered a serious vulnerability in PCTattletale’s API allowing any attacker to obtain the most recent screen capture recorded from any device on which PCTattletale is installed. It is distinct from the IDOR previously discovered by Jo Coscia, and makes it trivial to actually obtain captures from other devices.”
“The screenshots from two Wyndham hotels, seen by TechCrunch, show the names and reservation details of guests on a web portal provided by travel tech giant Sabre. The screenshots of the web portals also display guests’ partial payment card numbers.” reported TechCrunch. “Another screenshot showed access to a third Wyndham hotel’s check-in system, which at the time was logged into Booking.com’s administration portal used to manage a guest’s reservation.”
Pierluigi Paganini
(SecurityAffairs – hacking, consumer-grade spyware app)