Consumer-grade spyware found running on hotel guest PCs contains serious security flaw that lets anyone see recent screenshots


Three US-based Wyndham hotels have been found running spyware on their guest check-in computers, according to a report from TechCrunch. The presence of the spyware is even more problematic than it sounds, as a serious security vulnerability that allows the entire internet to access its recordings has been found in the program. 

The computers were all found running "pcTattletale", a program that belongs to a class of spyware apps known colloquially as "stalkerware". Stalkerware lives on a device in secret — it runs without being seen but collects information on device usage (gaining its name from its most dangerous potential use case). pcTattletale is billed as an app for secretly monitoring children or employees — it takes screenshots of the device and uploads them to the cloud for review by the installer.

Eric Daigle, the security researcher who first discovered the program on the hotel computers, also discovered a dangerous security problem with pcTattletale. As is common for poorly programmed spyware, pcTattletale contains security weaknesses that can be exploited. Unlike most spyware programs, though, the simple pcTattletale carries a critical vulnerability "allowing any attacker to obtain the most recent screen capture recorded from any device on which PCTattletale is installed".

Any further detail would reveal the vulnerability, so Daigle is refraining from elaborating until pcTattletale responds to his correspondence on patching the flaw. The screenshots of the hotel computers that Daigle found leaked online reportedly include names, reservation details, and partial credit card numbers of guests. It is still unknown how the app ended up on the check-in PCs; one hotel manager reportedly did not know that the app was installed, Wyndham refused to comment on the software, and Booking.com speculated it could have been downloaded as part of a phishing scam.

The security flaw in the spyware highlights the danger inherent in stalkerware such as pcTattletale or the popular Life360, which are advertised to parents as safe ways to "[let] you understand your child's online world without them ever knowing," according to pcTattletale's website. 

And yesterday's spyware could be tomorrow's flagship feature with Microsoft's new Recall app coming to Copilot+ PCs this June. Like consumer-grade stalkerware, Recall will take screenshots of your computer every few seconds to help you remember your browsing in case you forget where you saw something. Recall will keep all screenshots on the local storage of the PC, so it will avoid the same dangers as pcTattletale, but the obvious security risks inherent in the software are drawing investigation from the UK government.

Dallin Grimm
Contributing Writer

Dallin Grimm is a contributing writer for Tom's Hardware. He has been building and breaking computers since 2017, serving as the resident youngster at Tom's. From APUs to RGB, Dallin has a handle on all the latest tech news. 

  • COLGeek
    It is because of concerns like this that I stopped using hotel (and other free sources) Wi-Fi years ago. I have been tethering a phone for several years. Now with 5G so widespread, speed of service is rarely an issue.
  • bigdragon
    This news implies these hotels have overzealous management and slow business. Not a good sign. Unsurprising given how hotel standards of quality have been steadily dropping.
  • ThomasKinsley
    Security and hotel computers do not go together. I recently needed to print some documents on a trip. The hotel lobby computers had a very helpful screen telling me that technicians were able to remotely patch into the machines at any time. After several glitches flashing on the screen I decided to skip the whole thing and with their approval directly connected the printer to a laptop. Shades of Microsoft's Recall indeed.
  • TJ Hooker
    COLGeek said:
    It is because of concerns like this that I stopped using hotel (and other free sources) Wi-Fi years ago. I have been tethering a phone for several years. Now with 5G so widespread, speed of service is rarely an issue.
    I don't see how the issue in this article relates to connecting to public WiFi. Connecting to the hotel WiFi or not would have made no difference here.
  • bluvg
    Paul Thurrott has a good post on thurrott.com to consider on why Microsoft's Recall is not the privacy concern many media outlets are breathlessly, unsurprisingly, and somewhat mindlessly (not bothering to dig into any details) reporting.
  • COLGeek
    TJ Hooker said:
    I don't see how the issue in this article relates to connecting to public WiFi. Connecting to the hotel WiFi or not would have made no difference here.
    True, it is an indirect association. The real issue is you don't know what else resides in those environments and who may be "listening". Kind of like swimming in a public pool, with unknown sanitary conditions.

    Just not worth the risk.
  • TJ Hooker
    COLGeek said:
    True, it is an indirect association. The real issue is you don't know what else resides in those environments and who may be "listening". Kind of like swimming in a public pool, with unknown sanitary conditions.

    Just not worth the risk.
    I mean, you could say the same thing about the internet as a whole. The only risk I see with public WiFi is that the network admin could see all the sites you are visiting (but not see any of the actual traffic content). Is that worse than broadband and/or wireless providers seeing all sites you visit when you connect to your home or 5G network? Guess that's up to the individual to decide.

    However, if you're worried about your browsing habits being tracked, I think you're better off just using a VPN (which of course means your VPN provider can see all the sites you visit), in which case choice of network doesn't make much difference.