Spyware found on US hotel check-in computers | TechCrunch

A consumer-grade spyware app has been found running on the check-in systems of at least three Wyndham hotels across the United States, TechCrunch has learned.

The app, called pcTattletale, stealthily and continually captured screenshots of the hotel booking systems, which contained guest details and customer information. Thanks to a security flaw in the spyware, these screenshots are available to anyone on the internet, not just the spyware's intended users.

This is the most recent example of consumer-grade spyware exposing sensitive information because of a security flaw in the spyware itself. It's also the second known time that pcTattletale has exposed screenshots of the devices on which the app is installed. Several other spyware apps in recent years had security bugs or misconfigurations that exposed the private and personal data of unwitting device owners, in some cases prompting action by government regulators.

pcTattletale allows whomever controls it to remotely view the target's Android or Windows device and its data from anywhere in the world. pcTattletale's website says the app "runs invisibly in the background on their workstations and can not be detected."

But the bug means that anyone on the internet who understands how the security flaw works can download the screenshots captured by the spyware directly from pcTattletale's servers.

Security researcher Eric Daigle told TechCrunch that he found the compromised hotel check-in systems as part of an investigation into consumer-grade spyware. These apps are often referred to as "stalkerware" for their ability to be used to track people, including spouses and domestic partners, without their knowledge or consent.

Daigle said he attempted to warn pcTattletale of the issue, but the company has not responded and the flaw remains unfixed at the time of publication. Daigle disclosed limited details of pcTattletale's leaking screenshot bug in a short blog post, without providing specifics so as to not help bad actors take advantage of the flaw.

Daigle said pcTattletale periodically takes new screenshots of the device that the app is running on, sometimes every few seconds.

The screenshots from two Wyndham hotels, seen by TechCrunch, show the names and reservation details of guests on a web portal provided by travel tech giant Sabre. The screenshots of the web portals also display guests' partial payment card numbers.

Another screenshot showed access to a third Wyndham hotel's check-in system, which at the time was logged into Booking.com's administration portal used to manage a guest's reservation.

It's not known who planted the app or how the app was planted: for example, if hotel employees were tricked into installing it, or if the hotel owner intended the spyware to be used to monitor employee behavior. pcTattletale markets itself as a way to monitor employees, among other uses.

The manager of one affected hotel told TechCrunch by phone that they were unaware that the spyware was taking screenshots of their check-in computer. The managers of the other two hotels did not return TechCrunch's calls or emails. TechCrunch is not naming the specific hotels, given the risk of retaliation against hotel employees.

Wyndham spokesperson Rob Myers told TechCrunch in an email: "Wyndham is a franchise organization, meaning all of our hotels in the US are independently owned and operated." Wyndham would not say if it was aware that pcTattletale was used on the front-desk computers of its branded hotels, or if the use of pcTattletale was approved by Wyndham's own policies.

Booking.com told TechCrunch that its own systems were not compromised by the spyware, but that this case seemed like an example of how hotel systems are targeted by cybercriminals to get access to the hotel's accounts.

"Some of our accommodation partners have unfortunately been targeted by very convincing and sophisticated phishing tactics, encouraging them to click on links or download attachments outside of our system that enable malware to load on their machines and, in some cases, lead to unauthorized access to their Booking.com account," said Angela Cavis, a spokesperson for Booking.com. "These bad actors then attempt to impersonate the partner or even Booking.com, sometimes very convincingly, to request payment from customers outside of the policy in their booking confirmation."

BBC News reported last December that cybercriminals had obtained access to the administration portals of individual hotels that use Booking.com. With this access, the criminals then sent messages to customers from the company's app to trick them into paying them instead of the hotel.

It's not known if pcTattletale or other spyware is linked to previous incidents, and Booking.com said it was investigating.

There is a long history of stalkerware apps that ostensibly market themselves for legitimate uses (tracking your own children is legal in the United States) but also promote or outright say that the apps can be used to target people without their knowledge, often spouses and domestic partners, which is unlawful.

pcTattletale is sold under the guise of child and employee monitoring software, but the company also promotes its app for use against spouses who worry that their partner might be cheating.

pcTattletale develops spyware apps for Android and Windows, and both apps require physical access to a target's device to install. pcTattletale provides its Windows spyware app as a one-click download that can be installed in a few seconds, according to TechCrunch's own tests and analysis of the spyware.

pcTattletale also offers a service called "We Do It For You," which the company says will help install the spyware on the target's computer on the customer's behalf.

"We put pcTattletale on their Windows Computer for you. Just pick a time," pcTattletale's website tells customers inside its members portal. "You will get an email with instructions for us to access their computer. It takes us about 10 minutes. No traces left behind. All tracks covered." The customer is then sent a link "for our techncian [sic] to access the computer."

Stalkerware operates in a murky legal space in the US, where the possession of spyware itself is not illegal, but its use against people without their knowledge and consent is unlawful. US prosecutors have charged stalkerware developers in the past for facilitating nonconsensual surveillance, as pcTattletale says it provides.

Bryan Fleming, who founded and maintains pcTattletale, did not respond to TechCrunch's request for comment.

If you or someone you know needs help, the National Domestic Violence Hotline (1-800-799-7233) provides 24/7 free, confidential support to victims of domestic abuse and violence. If you are in an emergency situation, call 911. The Coalition Against Stalkerware has resources if you think your phone has been compromised by spyware.

To contact this reporter, get in touch on Signal and WhatsApp at +1 646-755-8849, or by email. You can also send files and documents via SecureDrop.