SPYWARE APPLICATION SITE HACKED

DailyPost 2799
SPYWARE APPLICATION SITE HACKED

The world of cybersecurity has no bounds, it can get crazier and challenging, way beyond anyone can imagine. We have heard tons of ransomware tales of cyber ransoms being coughed by big companies and business entities. Now a different hack has hit and that too in a very different way. The modus operandi will not astonish you, but certainly the target, you might find it difficult to call the entity a victim, but that is what it is. A spyware app’s site defaced, and the hacker dumps database and source code. Spyware was being technically spied upon to bring it to its knees.

The spyware we are talking of is pcTattletale found on the booking systems of several Wyndham Hotels in the US. A hacker has defaced its website. It has also leaked over a dozen archives containing databases and source code data. Vice reported three years back that it was leaking realtime screenshots from Android phones. This happening to a stalkware app can be very shameful. But that is where the hackers had brought them down to. The developers describe it product as an “employee and child monitoring software.”

Put simply, it is a consumer-grade spyware solution. Customer information captured on hotels’ check-in systems was leaked because of an API security vulnerability according to TechCrunch. The technical flaw in the spyware allowed for access to screenshots the malware makes on the other devices. It is distinct from the IDOR previously discovered. Unfortunately, pcTattletale had ignored earlier attempts of a security researcher offering to help them out to fix the issues. The vulnerability remained.

The security researcher shared a limited amount of information regarding the severe flaw. But someone took the challenge. He defaced the spyware’s website and leaked 20 archives containing source code and data dumped from pcTattletale’s databases. The hacker proclaims on the now defaced website, that he didn’t exploit the earlier vulnerability. He used a “Python exploit to extract pcTattleTale’s AWS credentials via a SOAP-based API, which provided access to the spyware’s source code and databases.”

SECURITY ASSURANCE IS A MUST FOR CYBER SECURITY PRODUCTS. CAN IT BE GUARANTEED?
Sanjay Sahay

Have a nice evening.

Leave a Comment

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.

Scroll to Top