Stalkerware Company Exposes Victims’ Data Due to Poor Security Practices

Chris Thompson

By Chris Thompson


In a significant breach of privacy, a stalkerware company has compromised the data of its victims by leaking phone screenshots through publicly accessible URLs. This incident underscores the dangers of stalkerware, which not only facilitates illegal surveillance but also increases the risk of further data breaches.

The Federal Trade Commission (FTC) has previously acted against stalkerware companies for similar security failings, highlighting the ongoing risks associated with these applications. In this case, the stalkerware in question, pcTattleTale, used for monitoring Windows and Android devices, uploads victim data, including screenshots, to a vulnerable AWS server.

Security researcher Jo Coscia discovered the vulnerability by analyzing the trial version of pcTattleTale. The URLs for the images are predictably constructed using a device ID, date, and timestamp. This predictability allows attackers to write scripts to systematically access URLs, potentially exposing a vast array of victims’ screenshots and data from compromised devices.

The root of the problem lies in pcTattleTale’s failure to implement proper authentication for accessing these images. Despite assurances that data would be deleted upon trial expiration, Coscia found that screenshots remained accessible, posing a serious security risk for users relying on these claims.

Bryan Fleming, the creator of pcTattleTale, developed the initial codebase in 2003 and completely rewrote it in 2012 after acquiring full ownership. Fleming noted that user data is stored temporarily after deletion to facilitate recovery in case of accidental deletions or trial expiration. However, this practice has inadvertently contributed to the security vulnerabilities discovered.

As reported by Vice, pcTattleTale’s system has faced server crashes due to its growing user base, currently receiving around 40,000 unique visitors per month. The spyware is designed to be stealthily installed on target devices.

Once installed, pcTattleTale conceals itself from the home screen and disables notifications to avoid detection. It also advises users to disable antivirus software to prevent interference. However, anti-spyware tools like Certo will flag pcTattleTale as potential stalkerware, alerting users to its presence.

While the FTC has not specifically commented on an investigation into pcTattleTale, their recent enforcement actions against another stalkerware company suggest that similar scrutiny could be forthcoming. The persistent security lapses in stalkerware applications continue to endanger the privacy and safety of individuals, underscoring the need for stringent regulatory oversight and robust security practices.