+ Reply
Results 1 to 2 of 2

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.


Thread: Starbucks Patches iOS App with New "Safeguards" After Security Controversy

is a discussion within the

iPhone News

forums, a part of the

General iPhone

section;
...
  1. #1
    MMi Staff Writer Akshay Masand's Avatar
    Join Date
    Sep 2011
    Location
    New York City
    Posts
    3,940
    Thanks
    3
    Thanked 123 Times in 108 Posts

    Default Starbucks Patches iOS App with New "Safeguards" After Security Controversy


    Starbucks recently responded to criticism after it was discovered that its iOS payment app didn’t encrypt users’ login information. The coffee mega chain did this by releasing a new update that promises additional “safeguards” for customers. As of right now it is unclear whether Starbucks version 2.6.2 completely addresses the security issues that gained attention this week. The Starbucks CIO did previously promise that an update coming “soon” would ensure that usernames and passwords were no longer stored as plain text.

    The release notes for today’s update simply state that the latest version includes “additional performance enhancements and safeguards.” For those of you who didn’t know, Starbucks has been under fire after security researcher Daniel Wood publicly disclosed the vulnerability, which requires an attacked to have physical access to the device. Wood reportedly contacted Starbucks to report the flaw and said he opted to go public after the company failed to fix the issue.

    Previously, the Starbucks app relied on a log file from Twitter-owned crash reporting analytics firm named Crashlytics. The log file could reportedly be retrieved from a user’s handset if someone gains physical access to the iPhone, even if it is secured with a PIN lock and the file is said to contain unencrypted versions of the customer’s username, email address and password.


    We’ll have to wait and see if the poor security has been improved upon with the app update.

    Source: iTunes

    Twitter: @AkshayMasand

  2. #2
    My iPhone is a Part of Me
    Join Date
    Nov 2008
    Posts
    641
    Thanks
    22
    Thanked 37 Times in 36 Posts

    FYI the modmyi app also stores your login info in plain text if you know where to look...

  3. The Following 2 Users Say Thank You to docmagoo2 For This Useful Post:

    Faresismail (01-19-2014), ThatOneProfile (01-19-2014)

Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts