Starbucks’ iPhone barcode app easily scammed by screengrab

Bill Ray reports:

Someone has noticed that the Starbucks’ iPhone application can be copied with a screen grab from a neglected handset, enabling the thief to gorge themselves on free coffee.

The payment system relies on reading a bar code from the iPhone’s screen, identifying the customer and debiting their account. But the barcode doesn’t change – and the iPhone has a screen-grabbing function built in, so leaving your handset on the table could allow anyone nearby to make an instant copy of your details and even mail them straight to themselves right from the phone.

Kelley Langford, of System Innovators, based in Florida, reckons he can do that in 20 seconds, and has demonstrated the process repeatedly – showing people just how insecure the Starbucks application is, and presumably drinking a lot of free coffee while doing so.

Read more on The Register.

About the author: Dissent

Comments are closed.