www.eCoffeeCard.com.au has released an app that allows you to keep track of coffees that you've bought. Seems like a good idea. BUT .... here is where the flaw is ... you scan a publicly available barcode image ... ummm
So when I've used a normal barcode scanner on it, what did I find?
REMOVED AS PER REQUEST
which seems to refer to an id of the coffee place
for those who are playing the coffee game here is a barcode for
REMOVED AS PER REQUEST
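The weakness described in the post is that the barcode is a static, public image that appears to encode only the cafe's id, so any copy of it scans as well as the one at the counter. The sketch below is an added example (not eCoffeeCard's code and not part of the original post) of one server-side mitigation: the till shows a short-lived, HMAC-signed code per purchase and the server accepts each code once. The token format, the function names, the cafe id and the 60-second window are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Constructed per-cafe secret; in this sketch the till and the server share it.
CAFE_KEYS = {"cafe-0001": b"constructed-demo-key-not-a-real-secret"}
MAX_AGE_SECONDS = 60      # assumed lifetime of a displayed code
_seen_nonces = set()      # replay cache; a real service would expire entries


def _sign(key, payload):
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def issue_stamp_token(cafe_id, now=None):
    """Till side: build the text to render as a one-off barcode for one purchase."""
    issued = int(time.time() if now is None else now)
    payload = f"{cafe_id}|{issued}|{secrets.token_hex(8)}"
    return f"{payload}|{_sign(CAFE_KEYS[cafe_id], payload)}"


def redeem_stamp_token(token, now=None):
    """Server side: return (accepted, reason) for the text of a scanned barcode."""
    now = time.time() if now is None else now
    parts = token.split("|")
    if len(parts) != 4:
        return False, "malformed"          # e.g. a bare static cafe id
    cafe_id, issued, nonce, tag = parts
    key = CAFE_KEYS.get(cafe_id)
    if key is None or not (issued.isascii() and issued.isdigit()):
        return False, "malformed"
    expected = _sign(key, f"{cafe_id}|{issued}|{nonce}")
    # Constant-time comparison so the check does not leak how much of the tag matched.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False, "bad signature"
    if not 0 <= now - int(issued) <= MAX_AGE_SECONDS:
        return False, "expired"            # a photographed code goes stale
    if (cafe_id, nonce) in _seen_nonces:
        return False, "replayed"           # the same code cannot earn two stamps
    _seen_nonces.add((cafe_id, nonce))
    return True, "ok"
```

With this shape a published photo of the code is useless after the window closes or after the first scan, whichever comes first.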

Don't you think that is theft?
There is a cafe who is working hard hours to make a living and you think you are clever?
You are nothing but a thief who needs to get a life.
100% agree with Andrew... very sad to see "tech savvy" people like Leonid "trying" to steal coffee cups... shame!
It's only theft if I try to take advantage of this. Which I don't.
I strongly feel about security and having flaws in the system.
Security should ALWAYS be on developer's mind.
Mind you .. I really like the automated email that I got, I guess someone is looking at those transactions:
Thank-you for using eCoffeeCard! I hope your experience so far has been positive.
eCoffeeCard is constantly working with our partners in order to ensure continued use of the loyalty program. To maintain the integrity of our online system, we periodically review accounts.
Whilst we are not for a moment suggesting you have, our automated Coffee Fraud Protection System (CFPS), has detected an unusual time and behaviour of scanning today, the total of 5 transactions: .....
You are a joke... you don't take advantage of this? What about your own comment - "let the free coffee madness begin .. mwahahahahah"
About to contact eCoffeeCard to let them know about your identity and fraud, hope they take legal actions; theft is a criminal act and I hope you get punished....
-AppPolice
Here is an email from the eCoffeeCard.....
We are well aware of potential 'abuse' you have brought to our attention, which is theft publicly broadcasted online.
Like the previous system, that too was fraudable. Unless the cafe spends significant amounts of money on a 100% secure system, yes, most things are to a certain extent open to 'abuse'. The Cafe I am sure relies on honesty and integrity.
As you have violated the Terms of Use agreement we have terminated your account indefinitely; Google Nexus S Build/MIUIDEV-1.3.25 has been suspended and fraudulent transactions have been reported to the Cafe.
We believe we have a useful system for both cafes and for consumers and it's a shame that such a small percentage of people think electronic fraud is not stealing.
The loyalty card system is a novelty that Cafes have in place to say "Thank You" to their patrons, in doing so they have a mutual trust and respect that this won't be taken advantage of. It is disappointing that sometimes it is not the case.
On the same note, why don't you buy a stamp and place some extra marks on your existing loyalty card and blog about it.
It is our requirement for you to take blog post down in the next 24 hours before we take legal actions.
Well done eCoffeeCard - they are on top of this... code has been already disabled! Rapid response to theft!
To all readers, AppPolice - blogs about security, fraud and theft in App World, our mission is to control and report abuse;
Thanks for your support!
Hence ends the tale of HOW IMPORTANT SECURITY IS
I applaud Leonid's "whistle blowing" of this app.
Security is paramount for any mobile app being deployed in the market, especially when you are asking customers to sign up to deliver a service to their customers via your app.
The developer has a duty of care to provide a secure app to their customers.
Rather than threatening to take legal action against those who uncover flaws in applications, they should be embracing them and finding new ways to resolve the issues.
If it wasn't for people like Leonid, then developers of apps could deliver substandard or fraudulent apps without being accountable.
I do concede that the method of announcing the security breach may not have been entirely professional, but neither was eCoffeeCard's response.
I tried using this app as it was a great idea. However, after having about 5 coffees it lost my data and my coffee count. Then it reset, and apparently I'm not the only one. Lucky my local knows who I am. The guys are now giving out the old physical card because the system doesn't work.
An interesting thread. I too had issues with the app where I could not redeem my free coffees. I took the time to contact them and they actually had one of their guys meet me in the coffee shop to see the issue I was having first hand.
I applaud the effort they went to and they resolved it and now it works perfectly. It was an issue with Facebook connect.
Keep in mind guys this is a new product, like anything there are going to be teething problems but the support I received was great.
It's a good idea, and I don't have a problem with it now, so perhaps contact them to let them know?
The only other negative I would say is speed, but that is network dependent, I am told a quicker version incorporating an offline mode is very close to being released which will be a huge improvement in the absence of them installing free wifi in every cafe!
I found the app didn't work for me, it seems it still needs a lot of work. Good idea though, hopefully they can make it work...
Who gets the feeling that APPPOLICE works for ecoffeecard.com.au?