Guest check-in computers at three Wyndham hotels in the United States were discovered running consumer-grade spyware, posing serious privacy and security threats. The issue came to light through a detailed report by TechCrunch, which highlighted the potential dangers posed by such software, known as “stalkerware.”
Spyware Exposed: pcTattletale’s Critical Flaws
The software in question, pcTattletale, is typically marketed for monitoring children or employees discreetly. It operates stealthily on devices, capturing screenshots and uploading them to the cloud for the installer’s review.
However, the intention behind its use at the hotels remains unclear. Alarmingly, Eric Daigle, a security researcher, uncovered a significant flaw in the software. Unlike typical vulnerabilities in spyware, pcTattletale’s flaw allows any attacker to access the most recent screenshot from any device running the software.
A screenshot of pcTattletale’s members portal (Source: TechCrunch)
This critical flaw is particularly concerning as it could enable unauthorized access to sensitive information. During his investigation, Daigle stumbled upon screenshots that included guest names, reservation details, and partial credit card numbers, which were subsequently leaked online.
Response and Implications of the Spyware Discovery
The response from involved parties has been varied. One hotel manager claimed ignorance of the software’s installation, while Wyndham has yet to make a statement. Booking.com suggested that the spyware might have been inadvertently downloaded through a phishing scam.
Daigle has refrained from revealing more details about the vulnerability to prevent further exploitation and has reached out to pcTattletale for a response regarding a fix. Despite being advertised as a safe way for parents to monitor their children’s activities discreetly, programs like pcTattletale and Life360 present significant privacy risks.
This situation highlights the importance of rigorous cybersecurity measures and thorough monitoring of software installations in sensitive environments like hotel check-in systems. For guests, the incident serves as a reminder to be vigilant about the security of personal information when interacting with publicly accessible devices.