back to article Starbucks' iPhone barcode app easily scammed by screengrab

Someone has noticed that the Starbucks' iPhone application can be copied with a screen grab from a neglected handset, enabling the thief to gorge themselves on free coffee*. The payment system relies on reading a bar code from the iPhone's screen, identifying the customer and debiting their account. But the barcode doesn't …

COMMENTS

This topic is closed for new posts.

Page:

    1. Lamont Cranston
      Thumb Down

      Really?

      On the rare occassion that I'm in the branch near work, I get confused looks from the staff when I ask for an extra shot of espresso (I like my latte to taste of coffee, not hot milk); even then, it's still piss weak. Kevin Day described their coffee as "homeopathic," and I'm inclined to agree with him.

      Don't even think about getting an iced coffee from them, either, as that really is brown milk (but mixed with ice!) - they don't even brew a shot to put in, just pull a bottle of pre-flavoured milk from the fridge. Yuk.

    2. Anonymous Coward
      Anonymous Coward

      re: "Coffee" comments

      At least if you add milk you have a beverage that tastes of milk.

      Their espresso is bland, lacking depth and frequently leaves an bad aftertaste in the mouth. I really hope that's not what you look for in your men.

    3. Anonymous Coward
      Anonymous Coward

      damn straight

      none of that artisan crap for me, I'll just have about 6 heaped tablespoons worth of the instant shit in a dirty mug full of hot water please.

    4. Just Thinking

      Disagree

      I have to say I totally disagree with this.

      Starbucks have deliberately designed a system with minimal security, but quick and easy to use, for small transactions. They presumably did this to get customers through quicker at busy times, maybe lose a member of staff, reduce costs of taking card payments or handling lots of small change, and to offer a perceived better service. ie to make more money.

      Against that they calculated the fraud losses would be tiny. Their decision, their risk. If someone complains of misuse, unless there is a specific reason to not believe them, they should refund no questions. Thats the deal, as far as I am concerned.

  1. D@v3

    Which Starbucks app??

    Just had a look in the App store, and the only UK Starbucks app i could find has neither the ability to pay for coffee with the App, or use it as a reward card (Like the SubCard App does)

    Just curious....

  2. Paul 172
    Thumb Up

    There are some problems with your post.

    "* Sometimes Starbucks puts tiny amounts of this in its brown-tinged milk."

    Brilliant :)

    1. Bill Ray (Written by Reg staff)

      Re: Which Starbucks app??

      It's an American thing I'm afraid, just being rolled out across the USA but still not available on this side of the pond:

      http://www.theregister.co.uk/2011/01/21/mcdonalds_starbucks/

      'course, we'll all be using network-branded NFC phones before it spreads over here.

      Bill.

  3. Schultz
    Thumb Up

    brown milk

    ... with lots of caffeine: http://www.blackcatlogistics.com/library/guides/caffeine.jpg

  4. rv
    FAIL

    I remember thinking something similar when they invented money

    what if someone took my wallet, might they buy themselves a coffee before returning it?

  5. Winkypop Silver badge
    Thumb Down

    But first....

    ....you'd actually want to actually steal and drink Starbucks putrid muck.

  6. Mark .

    Taking the phone

    For all the comments about how they might as well steal the phone - that's also a far more significant crime, for which the person will be calling the police straight away, and you've got the evidence on you if you get caught. If there's any CCTV there too, you may be found.

    But it's going to take a lot longer before they notice a mistake on their account, if they notice it at all - plus they'll first of all likely blame Starbucks thinking they did it by mistake, and will have no way of knowing that someone else did this.

  7. Anonymous Coward
    Anonymous Coward

    I'm willing to bet..

    that the barcodes are sequentially generated too, so assuming you can identify the numeric/alphanumeric code that makes the barcode of one of these, you could just add 1 to it, generate a new barcode, repeat ad nauseum as each one of them stops working when someone identifies a problem..

    And while Starbucks coffee is pretty dire, I've had a lot worse. And if you make sure only to order the drip coffee, and then at the end of the day, then you get a proper cup of stand-a-teaspoon-up dirt. Tastes like hot shit, but damn does it get you flying... and feeling rather sick..

  8. Robert Carnegie Silver badge

    If you're bored,

    Watch for "Free Coffee" apps appearing in the Apple Store, and probably quickly disappearing.

    Or, try it on a plastic toy phone - print in colour then apply using double-sided Scotch tape.

    I suggest: have the customer's portrait/passport photo stored in Starbucks computer and displayed when they order. lf the face that's flashing the (?) QR code is not the face on the screen, then get inqUisitive.

  9. Anonymous Coward
    FAIL

    iPhone for the sake of iPhone

    why can't they have a website; "sign up here to get a barcode that you can print out and buy coffee with".

    Most people have access to a printer, most people do not have access to an iPhone.

    It seems to me that every time I read about some new iPhone app its just a crappy implementation of something you could already do (10 years ago) without an iPhone.

  10. Anteaus
    Thumb Down

    Bit like ID cards really...

    This underlines one of the key issues with the now thankfully defunct ID card scheme, and with RFID passports. If another person can easily copy and re-use your credentials, then the ID system facilitates crime instead of preventing it.

Page:

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019