A consumer-grade spyware app called ‘pcTattletale’ has been discovered on the check-in systems of several hotels across the United States, exposing sensitive guest information to the internet, TechCrunch reported.
The app is designed to operate covertly, capturing and transmitting screenshots of the infected systems. A security flaw in the app has made these screenshots accessible to anyone on the internet, not just the intended users of the spyware. This vulnerability allows any knowledgeable individual to download the screenshots directly from pcTattletale’s servers.
The flaw was found by security researcher Eric Daigle, who discovered the compromised hotel systems while investigating consumer-grade spyware. These types of applications are often referred to as “stalkerware” due to their use in covertly tracking individuals without their consent.
Daigle reported his findings to pcTattletale, but the company has yet to address the security issue. It’s currently unclear how the spayware was planted on the hotel systems. It is unknown whether hotel employees were duped into installing the app or if it was intentionally deployed to monitor staff activities. PcTattletale, which is marketed for monitoring children and employees, also promotes its use for surveilling potentially unfaithful spouses.
Bryan Fleming, the founder of pcTattletale, has yet to comment on the situation.
