pcTattletale exposes victim data online through leaked AWS bucket: report

The picture of the article titled Stalkerware Company is said to have found a new sucking method

Photo: Alexander Kona (Getty Images)

A company that publicly promotes itself as a “tracking software” that tracks and monitors the online activities of a spouse or partner also has an obvious security breach that has exposed most of its data on the Internet. New report From the motherboard.

pcTattletale Essentially a KeyloggerThe company sells an app that is compatible with Android phones and Windows PCs. The app can monitor all activities on the target device—whether it’s text, email, or any other activity. It claims that this is “Catch the cheating husband“, and encourage customers to forcibly install the product on the mobile phone or computer of important others-provide Useful tips Learn how to do this on its website without getting caught.

With the cute and warm slogan “Look at them on your phone or computer”, the company clearly has no interest in acting reserved or humble. On the contrary, it is the exact opposite, letting you know its products is a very good way to violate personal boundaries and tap the internal range of your boyfriend or girlfriend’s device, monitor your employees, or monitor your own children .

Most importantly, the company is reported to have a fairly serious security breach that may allow stealth operators to access images captured from infected devices.

Main board report The company uploads screenshots taken from the infected phone to the AWS server. However, the server is not protected by authentication, which means that you do not need a password or other security-related protocols to view the images stored in it. Instead, all you need are URLs for specific screenshots-these URLs are automatically generated for each individual image and consist of the associated device ID, shooting date, and timestamp.The motherboard is broken this The whole thing like this:

The URL of the image captured by pcTattleTale consists of the device ID (code provided to the infected device by pcTattleTale, which seems to be generated in sequence), date and time stamp. In theory, an attacker may be able to discover images uploaded by other infected devices through different URL combinations.

The vulnerability was discovered by a security researcher named Jo Coscia, who said that they discovered the security vulnerability when they carefully read the trial version of the company’s software. The motherboard also downloaded the program and independently verified the researchers’ findings. Although the exit points out that recreating a personal time stamp for a particular image can be tricky, In theory, an unscrupulous person with a lot of time and the right tools can Manipulate this situation to search for images other than your own. We contacted pcTattletale for comments, and if they respond, we will update this story.

Tracking software company Often criticized, whether it’s because they frequently Safety Mistake with Their basic premise- Critics say Allow the abuser to monitor and control Current and former partners. Bryan Fleming, CEO of pcTattletale, Said Products like him are overused by women, but A study According to a NortonLifeLock report released in February last year, men are more than twice as likely to use tracking software with their partners or ex-partners than others.Further analysis shows that the pandemic greatly increase The extent to which such plans are used to deal with women.

Earlier this month, the Federal Trade Commission made its first decision Prohibit tracking software companies, SpyFone, from the market-indicating that federal authorities may be willing to crack down on such companies.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *