US Hotel Check-In Computers Infected With Spyware

The check-in systems at numerous hotels throughout the U.S. are operating a remote access application that is inadvertently exposing guest information screenshots to the internet.

A consumer-grade spyware app has been detected on the check-in systems of at least three Wyndham hotels across the U.S.

The pcTattletale application has covertly been taking screenshots of hotel booking systems, exposing confidential guest and customer data. Exploiting a security loophole in the spyware, these screenshots are now accessible to the general public online, rather than being restricted to the app’s actual users.

This incident highlights another instance of consumer-grade spyware revealing sensitive information due to inherent security flaws. It’s the second known occurrence where pcTattletale has leaked screenshots from the devices it targets. Over recent years, several other spyware applications have also exposed private and personal data due to security vulnerabilities or misconfigurations, leading to government regulators taking action in some instances.

pcTattletale enables its operator to remotely access both Android and Windows devices, along with their data, from anywhere across the globe. As stated on pcTattletale’s website, the app “runs invisibly in the background on their workstations and can not be detected.”

However, this vulnerability allows anyone with knowledge of the security flaw to retrieve the screenshots taken by the spyware directly from pcTattletale’s servers over the internet.

According to findings from security researcher Eric Daigle, the violated hotel check-in systems have come under scrutiny as part of an inquiry into consumer-grade spyware. These applications are commonly labeled as “stalkerware” due to their capability to monitor individuals, including spouses and domestic partners, without their awareness or approval.

Efforts were made by Daigle to alert pcTattletale about the issue, but he said the company has not acknowledged his warnings, leaving the vulnerability unaddressed. While some information about pcTattletale’s screenshot leakage issue was disclosed by Daigle in a brief blog post, specific details were deliberately withheld to prevent malicious exploitation of the flaw.

He wrote in his blog post, “Hopefully the stalkerware author(s) can be bothered to fix the issue soon, at which point I can give a full writeup. In the meantime, if you think you may be a victim of stalkerware, run an antivirus scan — on Windows, Windows Defender seems to catch most known tools, on Android I’ve heard good things about Malwarebytes — and have a look at the excellent advice from the Coalition Against Stalkerware.”