Consumer-grade spyware found running on hotel guest PCs contains serious security flaw that lets anyone see recent screenshots

Fingerprint security.

Three US-based Wyndham hotels have been found running spyware on their guest check-in computers, according to a report from TechCrunch. The presence of the spyware is even more problematic than it sounds, as a serious security vulnerability that allows the entire internet to access its recordings has been found in the program.

The computers were all found running "pcTattletale", a program that belongs to a class of spyware apps known colloquially as "stalkerware". Stalkerware lives on a device in secret — it runs without being seen while collecting information on how the device is used (the name comes from its most dangerous potential use case). pcTattletale is billed as an app for secretly monitoring children or employees — it takes screenshots of the device and uploads them to the cloud for review by the installer.

Eric Daigle, the security researcher who first discovered the program on the hotel computers, also found a dangerous security problem with pcTattletale. As is common for poorly programmed spyware, pcTattletale contains weaknesses that can be exploited. But unlike most spyware, pcTattletale hosts a critical vulnerability "allowing any attacker to obtain the most recent screen capture recorded from any device on which PCTattletale is installed".

Any further details would reveal the vulnerability, so Daigle is refraining from elaborating until pcTattletale responds to his correspondence about patching the flaw. The leaked screenshots of the hotel computers that Daigle found reportedly include names, reservation details, and partial credit card numbers of guests. It is still unknown how the app ended up on the check-in PCs: one hotel manager reportedly did not know that the app was installed, Wyndham refused to comment on the software, and Booking.com speculated that it could have been downloaded as part of a phishing scam.

The security flaw in the spyware highlights the danger inherent in stalkerware such as pcTattletale or the popular Life360, which are advertised to parents as safe ways to "[let] you understand your child's online world without them ever knowing," according to pcTattletale's website.

And yesterday's spyware could be tomorrow's flagship feature: Microsoft's new Recall app is coming to Copilot+ PCs this June. Like consumer-grade stalkerware, Recall will take screenshots of your computer every few seconds so you can retrace your browsing if you forget where you saw something. Recall will keep all screenshots in the PC's local storage, so it avoids the cloud-exposure flaw that undid pcTattletale, but the obvious security risks inherent in the software are already drawing investigation from the UK government.