It appears someone at the dev center for the Starbucks app for smartphones that allows payments from mobile phones should have thought things through a bit more. If you use the app on your iPhone you need to be aware of the simple hack that will let a nefarious coffee fiend rob your account dry.
Apparently, the act of hacking the system requires no real hacking. The nefarious fan of overpriced coffee only needs 20 seconds and a camera phone. The problem with the app comes in the fact that the barcode you use for payments is the same each time. Typically, systems for smartphone payments that need barcodes use a onetime code to prevent this.
As you are standing in line thinking about what flavor coffee to get with your Starbucks app open, the person behind you can snap a picture of your barcode and then use that image to pay for their drink when they get to the front of the line. Pretty darn easy to hack huh? Seriously, who thought a persistent barcode was a good idea when writing this app?
Via The Register