pcTattleTale Stalkerware App Discloses Victims’ Screenshots – Here’s How Not to Become a Target of This Monitoring Tool

Spying on your partner can be tempting, especially when it’s in the name of love. This is exactly what companies that create spyware apps rely on – the fact that there are plenty of people out there who would use an easy-to-install phone or PC app to watch their partners’ every move and see if they’re cheating or not.

Like most apps, they’re far from perfect, and their privacy-invasive capabilities (or vulnerabilities) go beyond their initial scope.

Case in point, the latest news about pcTattleTale stalkerware app. It seems anyone can see screenshots of phones simply by checking a URL, exposing stalked people’s data.

Let’s see why stalkerware apps aren’t that great and how you can tell if you’re a stalkerware victim.

pcTattleTale’s Business of Discovering ‘Dirty Secrets’

“Discover their secret online lives right from your phone or computer” is how pcTattletale markets their monitoring app. The common conception is that people use stalkerware apps to spy on their spouses or intimate partners.

According to a 2020 poll, one in 10 Americans admits using it on their partner’s or ex’s devices. Men are more than twice as likely than women to use the apps. Recent studies revealed the pandemic also increased the degree to which men use this kind of app against women.

Still, many companies that offer these “spying” services paint a prettier picture around their slogans, luring parents who want to know their kids safe or employers who want to check their remote employees’ productivity. pcTattleTale makes no exception.

The stalkerware company offers keyloggers for Windows computers and Android phones. Based on recent research, pcTattleTale transfers victim data to an AWS server that requires no password or other kind of authentication. Anyone can access a URL and see images that pcTattleTale captured, covering these elements:

      • device ID – a code given by pcTattleTale to the compromised device
      • the date the image was taken
      • a timestamp

During the tests that led to discovering of these vulnerabilities, security specialists found the script they used to access the images server had no rate limits. That means they could dig as deep as they wanted and see images from more devices at once.

Here’s a statement from pcTattleTale’s owner Bryan Fleming:

Yes, it does delete the data. I keep it there a little longer. A lot of people accidentally delete their devices and let the trial expire… Then, of course, they need the screenshots back.

Disclosures about pcTattleTale’s security flaw came pretty soon after the Federal Trade Commission (FTC) gave a no-go to a different stalking app. At the beginning of September 2021, the FTC banned Support King – the company behind Android stalkerware app SpyFone from the surveillance business. The stalkerware app secretly harvested and shared data on people’s real-time location, phone use, texts, and online activities through a hidden device flaw.

Apart from allowing their customers to spy on victims, SpyFone didn’t bother securing data collected about victims.

How to Tell if You’re a Spyware Victim

Monitoring activities may be ok at times, for instance, when you want to check if your kids arrived safely at home. When this isn’t the case, you may want to protect your privacy.

Here are some tell-tale signs of spyware:

  1. Your device is overheating.
  2. Your battery drains faster than usual.
  3. You hear weird background noise during calls.
  4. You notice spikes in usage data.
  5. You find unknown apps installed on your device.

Popular Phone Spying Apps

Safety Tips to Stay Away From Stalkerware Apps

What may start as an innocent jealous partner’s game can sometimes finish with having sensitive information exposed and available for any pair of prying eyes to take a peek.

Check these pointers to keep your personal data private:

  1. Use an antivirus.
  2. Don’t click on suspicious links in SMS’s, instant messages, and emails.
  3. Enable two-factor authentication (2FA) whenever possible for your online accounts and your phone accounts.
  4. Don’t ignore system updates; most times, they include important security patches.
  5. Check app permissions to avoid the risk of malicious app downloads.
  6. Don’t download apps outside the iOS App Store or Google Play Store.
  7. Protect your phone with biometric authentication.
  8. Use a VPN as an additional layer of protection and privacy.

FAQ

What is spyware?

Spyware (or stalkerware) is when a person gets information about you through monitoring software gaining access to your device without your knowledge. Cybercriminals can capture data collected through spyware sell it to advertisers, or other third parties.

What is a keylogger?

A keylogger is short for keyboard logger, and it’s a type of spyware that monitors and records all your keystrokes. Many cybercriminals use keyloggers to steal account passwords, credit card details, and other personal information.

How do I get spyware into my PC or phone?

You can get spyware from an automatic download from a website you’re visiting or email attachments. When downloading freeware or shareware software, spyware can be embedded in the installation process.

When it comes to phones, your partner or boss can install them directly on your phone. In other cases, you can get it from malicious apps, SMS scams, or ads that contain malware.

Can spyware be dangerous?

Yes. In many cases, spyware apps showcased security flaws that can lead to having your information exposed. The danger also comes from the fact that sometimes they go unnoticed and send all your data to whoever generated the malicious code.

 

Do you believe stalkerware (spyware) software should be banned or do you see them as useful tools?

Let me know in the comments below.

Leave a comment

Write a comment

Your email address will not be published. Required fields are marked*