Christelle Perret September 23, 2021 at 11:4028
The PCTATTLETALE company offers a paid espionage tool, with a free trial version, for parents, spouses or even employers who would like to monitor what is happening, in real time, on the Android smartphone or the Windows PCsomeone ... and it's scary.
The company's website even has a blog in which PCTATTLETAL gives technical advice to install the application and to ensure that it is not identified by the user.
Lire aussi : Les stalkerwares, ces logiciels espions utilisés comme outils de violences conjugualesMonitor his spouse, children ... his employees
On its website, PCTATTLETAL is defined as a "surveillance software" which allows its users "to see what their children, their employees or their spouse do online".It is specified that the application works "invisible in the background" and that it cannot be detected.As for the consent of the victims of this surveillance, he is simply mocked: "They will have no idea that you are able to see everything they do".
Freezing.The application therefore performs screenshots of the device on which it is installed (an Android smartphone or a Windows PC), which it puts on an AWS server online.And it is enough for the subscriber to connect to his Pctattletale account from his smartphone or computer to view, in real time or in replay, videos reconstituted from screenshots of each movement, entered, and click corresponding toactivities of his victim.
The application blog even offers advice to set up this surveillance discreetly: "You will need to know its access code and have access to the phone for about 5 minutes.The best time to do is when (it) sleeps ”.The application even explains how to prevent the infected smartphone from displaying the application on the home screen ...
Lire aussi : Après celui de Jean Castex, le pass sanitaire d'Emmanuel Macron est dévoilé sur les réseaux sociauxAn unclean application
A security researcher, Jo Coscia, looked at the functioning of PCTATTLETAL, and it is not beautiful to see.First of all, the AWS server on which the videos of the activity of its victim are hosted does not require any authentication to view the images of the screenshots.It's not simple, but it is feasible thanks to a script that could browse the different possible URL combinations.
Indeed, the URL associated with the images consists of the identifier of the infected device, which is a code generated sequentially by PCTATTTLETAL, as well as the date of the screenshot and its horoditing at the second.A script could therefore reveal all the catches made on a device, and even discover the images put online from other infected devices.
Worse: PCTATTLETAL says that user data is deleted after the expiration date of the trial period, but the safety researcher discovered that the captured images were always accessible once the deadline is past.And according to Bryan Fleming, creator of the application and founder of the company, PCTATTLETAL receives around 40,000 unique visitors per month.
"Discover their secret life online directly from your phone or computer," clearly displays PCTATTLETAL in a Facebook publication.
Source :Vice
SOS Public Hospital: our revelation...
The best smartphones for gaming in...
Google Maps: activate the new widge...
Free tips in video: Free Mobile off...