EXCLUSIVE: Spyware detected on US hotel check-in computers


A consumer spyware application was found running on the check-in systems of at least three Wyndham hotels in the United States, TechCrunch has learned.

The app, called pcTattletale, stealthily and continuously captured screenshots of hotel reservation systems, which contained guest details and guest information. Thanks to a security flaw in the spyware, these screenshots are available to everyone on the Internet, not just the intended users of the spyware.

This is the most recent example of consumer spyware exposing sensitive information due to a security flaw in the spyware itself. This is also the second known time that pcTattletale has exposed screenshots of devices that have the app installed. Several other spyware apps in recent years had security bugs or configuration errors that exposed the private and personal data of unwitting device owners, in some cases prompting action from government regulators.

Customer and booking details captured and exposed

pcTattletale allows anyone controlling it to remotely view the target’s Android or Windows device and its data, from anywhere in the world. The pcTattletale website states that the application “runs invisibly in the background on their workstations and cannot be detected.”

But the bug means that anyone on the Internet who understands how the security flaw works can download screenshots captured by the spyware directly from pcTattletale’s servers.

Security researcher Eric Daigle told TechCrunch he found hotel check-in systems compromised as part of an investigation into consumer spyware. These apps are often referred to as “stalkerware” because of their ability to be used to track people – including spouses and domestic partners – without their knowledge or consent.

Daigle said he attempted to alert pcTattletale about the issue, but the company did not respond and the flaw remained unpatched at the time of publication. Daigle disclosed limited details about the pcTattletale screenshot bug leak in a short blog post, without providing details so as not to help bad actors take advantage of the flaw.

Daigle said pcTattletale periodically takes new screenshots of the device the app is running on, sometimes every few seconds.

Screenshots of two Wyndham hotels, seen by TechCrunch, show guests’ names and booking details on a web portal provided by travel tech giant Sabre. Web portal screenshots also display customers’ partial payment card numbers.

Another screenshot showed access to a third Wyndham hotel’s check-in system, which at the time was connected to the Booking.com admin portal used to manage a guest’s reservation.

It is unclear who installed the app or how it was installed. For example, if hotel employees were tricked into installing it or if the hotel owner intended to use the spyware to monitor employee behavior. pcTattletale presents itself as a way to monitor employees, among other uses.

The manager of one affected hotel told TechCrunch by phone that he was unaware the spyware was taking screenshots of their check-in computer. Managers of the other two hotels did not respond to calls or emails from TechCrunch. TechCrunch is not naming specific hotels given the risk of retaliation against hotel employees.

Wyndham spokesperson Rob Myers told TechCrunch in an email: “Wyndham is a franchise organization, meaning all of our hotels in the United States are independently owned and operated. » Wyndham would not say whether it was aware that pcTattletale was used on front-desk computers at its branded hotels or whether use of pcTattletale was approved by Wyndham’s own policies.

Booking.com told TechCrunch that its own systems were not compromised by the spyware, but that this case appeared to be an example of how hotel systems are targeted by cybercriminals to gain access to hotel accounts.

“Some of our hosting partners have unfortunately been targeted with very convincing and sophisticated phishing tactics, tricking them into clicking on links or downloading attachments outside of our system that allow malware to load on their machines and, in some cases, lead to unauthorized access to their Booking.com Account,” said Angela Cavis, spokesperson for Booking.com. “These bad actors then attempt to impersonate the partner (or even Booking.com) – sometimes very convincingly – to request payment from customers outside of the policy in their booking confirmation.”

BBC News reported last December that cybercriminals had gained access to the administrative portals of individual hotels using Booking.com. Using this access, the criminals then sent messages to guests from the company’s app to trick them into paying themselves instead of the hotel.

It’s unclear whether pcTattletale or other spyware is linked to previous incidents, and Booking.com said it was investigating.

“All slopes covered”

There is a long history of tracking software apps that ostensibly market themselves for legitimate purposes (tracking your own children is legal in the United States) but also promote, or outright claim, that these apps can be used to targeting people without their knowledge, often spouses. and domestic partners, which is illegal.

pcTattletale is sold under the guise of child and employee monitoring software, but the company also promotes its app for use against “spouses who fear their partner is cheating.”

a screenshot of the pcTattletale members portal, which asks
A screenshot of pcTattletale’s member portal, which allows users to download its monitoring application which “users will not know pcTattletale is installed and running.” Image credits: TechCrunch (screenshot)

pcTattletale develops spyware apps for Android and Windows and both apps require physical access to a target’s device to install. pcTattletale provides its Windows spyware application as a one-click download that can be installed in seconds, according to TechCrunch’s own spyware testing and analysis.

pcTattletale also offers a service called “We Do It For You,” which the company says will help install the spyware on the target’s computer on the customer’s behalf.

“We installed pcTattletale on their Windows computer for you. Just choose a time,” the pcTattletale website tells customers on its member portal. “You will receive an email with instructions to allow us access to their computer. It takes us about 10 minutes. No trace left. All slopes covered. The customer then receives a link “allowing our technician (sic) to access the computer”.

Bryan Fleming, who founded and runs pcTattletale, did not respond to TechCrunch’s request for comment.


To contact this journalist, contact Signal and WhatsApp at +1 646-755-8849, or by email. You can also send files and documents via SecureDrop.



Source link

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top