Starbucks Phone App Stores Password Unencrypted
JThaddeus writes "The Daily Caller reports a serious security flaw in the Starbucks phone app: 'Starbucks confirmed late Tuesday that anyone could access the unencrypted data stored on the official Starbucks app simply by connecting the phone to a computer – bypassing lock screen or PIN security features with no hacking or jailbreaking necessary.' The linked report is for iOS. No mention of Android, but do you think it is any different?" (Starbucks says they've addressed the problem.)
When will companies be held liable? (Score:5, Interesting)
When will companies be held liable for implementing incompetent security (or not implementing it at all)?
The marketing weenies are all over getting the brand out, but don't give a shit about security.
Companies should be getting fined for crap like this. Between data breaches and gross incompetence at any form of security, trusting a marketing app is the height of stupid.
Hard to have this happen on Android... (Score:4, Interesting)
On Android, a phone will appear as a storage device or camera, unless someone enables debugging and authorizes a computer with its individual key to connect.
I don't see how an app could get data to a computer from a locked Android device unless the app managed to get itself root, or there was some other trick to break into the Android device (physically dumping the RAM), and if an attacker is that sophisticated, pretty much what an app tries to do for security is pointless.
Re:When will companies be held liable? (Score:4, Interesting)
Inductive reasoning states never.
Look at historic security breaches in the past that resulted in massive data compromise. Most companies that were breached are back to their stock norms, or perhaps even higher [1] a few quarters after the incident. Couple this with the belief that security has no ROI...
I wouldn't expect anything to change anytime soon.
[1]: I remember being told by an MBA that all press is good press, so a security breach is still getting a company name in front of people's eyes/ears where they may never have gotten with normal advertising methods.
Re:Bad Coffee, Bad App (Score:5, Interesting)
Love my mochas. Can't tell you how many times I go to a 'local' coffee house and get a crap mocha. Some like to put store bought chocolate syrup in it, others like to add a mocha powder without first turning it into a wet paste. I've had Swiss Miss packets added to a latte and told this was their 'Cafe Mocha'.
All in all, I can count on one hand the number of good cafe mochas I've had at 'local' coffee houses.
On the other hand, every Starbucks I go into, anywhere in the world, seems to have the same Cafe Mocha. It's as if they had a recipe and the baristas were trained to make it. I like being in a town for the first time in my life, finding a Starbucks and feeling a little bit like being at home.
In the end, I reward any store on its quality, I don't stereotype a store based on its number of locations or perceived local community value. Would you patronize a crap restaurant just because it's "local"?
Re:When will companies be held liable? (Score:2, Interesting)
I don't know where you live, but throughout most of the world content insurance covers theft.
Both break and enter as well as trespassing don't require the door to be locked. Theft doesn't depend on either of the above cases to be met (if your ladder sticks up over your fence, or your lawnmower is sitting on public land (an easement), or your door mat is sitting outside an apartment unit in a common space, theft is still "depriving someone of lawfully acquired property without the permission of the owner nor the intention to return the item without damage or use").
Content insurance is optional for MOST insurance plans, but that doesn't for a second mean it's "not available".
If a thief walked into your home and jacked a TV because a window was left unlocked, and your insurance company denied the claim on those grounds, it's time to change to a new insurance company. They may ask that you do something to prevent such issues from occurring in the future ELSE your rates may go up, but they cannot deny a claim unless they can prove intentional negligence on the owner's part (like hanging a "free" sign on something and wondering why it went missing).