If you are a user of the Starbucks app that lets you pay for your coffee using a barcode on your smartphone screen, you need to be aware of a very easy-to-exploit vulnerability in the app. It’s not a security issue where someone hacks into your account and pilfers your funds; it’s much easier than that, and much less high-tech.
The problem is that the barcode the app displays for you to scan at the register never changes. The barcode for your account is always the same. That means a black hat standing near you while you have the app open can simply take a photo of your barcode and then present the photo to pay for their own drinks.
An employee at System Innovators has demonstrated the process and says he can take the photo and use your account to pay in about 20 seconds. I’d like to know which developer thought a barcode that never changes was a smart thing to do.
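The weakness described above is a replay problem: a payment code that never changes can be photographed once and redeemed forever. The following example, added here and not taken from the Starbucks app or from System Innovators, contrasts that static design with a short-lived code bound to a time window via HMAC, checked by a verifier that also rejects codes it has already redeemed. The secret, account id, window length and timestamps are all constructed values.

```python
import hashlib
import hmac

WINDOW = 60  # seconds a code stays valid (assumed value for this example)


def static_accept(known_accounts: set, code: str) -> bool:
    """The flawed design: the code IS the account id, so a photo of it
    is accepted at any time, any number of times."""
    return code in known_accounts


def rotating_code(secret: bytes, account_id: str, now: float) -> str:
    """Short-lived code: account id, time slot, and an HMAC over both.
    The app would regenerate this every WINDOW seconds."""
    slot = int(now) // WINDOW
    mac = hmac.new(secret, f"{account_id}:{slot}".encode(), hashlib.sha256)
    return f"{account_id}:{slot}:{mac.hexdigest()[:16]}"


class Terminal:
    """Point-of-sale verifier: rejects expired, forged and replayed codes."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.seen = set()  # redeemed codes; only needs to cover ~2 windows

    def accept(self, code: str, now: float) -> bool:
        try:
            account_id, slot_s, mac = code.split(":")
            slot = int(slot_s)
        except ValueError:
            return False  # malformed code
        current = int(now) // WINDOW
        if slot not in (current, current - 1):  # one slot of clock skew
            return False  # expired: a photo taken earlier is useless
        expected = hmac.new(self.secret, f"{account_id}:{slot}".encode(),
                            hashlib.sha256).hexdigest()[:16]
        if not hmac.compare_digest(expected, mac):
            return False  # forged or tampered
        if code in self.seen:
            return False  # same code presented twice within its window
        self.seen.add(code)
        return True
```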