Ketu Software
To IT - Information Technology, 16/06/2015

An Analysis of the Starbucks Cyber Attack and How To Stay Protected
How could Starbucks (or any corporation) avoid these situations in advance?
1. Secure application data: During development of the app, Starbucks should have validated that Secure Data Storage is enforced. This is one of the basic requirements covered by the OWASP Top 10 for mobile and PCs, and a great practice for app developers hoping to protect customers and themselves.
2. Two-factor authentication: After last year's breach, Starbucks should have enforced 2-step authentication for all customers who use the app for payments. Weak authentication is not acceptable on applications when so much is at stake. Starbucks' claim that customers re-used passwords is a further argument for adopting two-factor authentication.
3. Proper data encryption: Data stored on the device should be encrypted properly. According to the OWASP Mobile Top 10, improperly encrypted data can manifest itself in a mobile app in two ways: the app may utilize a flawed process that can be easily exploited, or the app "may implement or leverage an encryption / decryption algorithm that is weak in nature and can be directly decrypted by the adversary." We have not tested the Starbucks app's encryption technique; however, this is a rule of thumb when creating mobile applications that store sensitive data. https://goo.gl/q1ttvq
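As an added illustration of recommendation 2 (not code from Ketu Software or from Starbucks), the block below implements the time-based one-time password scheme from RFC 6238 on top of the HOTP construction from RFC 4226 using only the Python standard library. The `RFC_TEST_SECRET` value is the public test vector from RFC 6238; the provisioning helper and the one-step clock-drift window are assumptions chosen for the example, not anything the post specifies.

```python
import base64
import hashlib
import hmac
import secrets
import struct

# Public test key from RFC 4226 / RFC 6238 (ASCII "12345678901234567890").
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """HOTP (RFC 4226): HMAC over the 8-byte big-endian counter, dynamic truncation."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, algo).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from the Unix time."""
    return hotp(secret, at // step, digits, algo)


def verify_totp(secret: bytes, code: str, at: int, window: int = 1,
                step: int = 30, digits: int = 6, algo=hashlib.sha1) -> bool:
    """Accept a code for the current step or up to `window` steps either side.

    The comparison is constant-time so the verifier does not leak how many
    leading digits matched. A real deployment must also reject a code that
    was already accepted for the same counter value (replay protection).
    """
    if not (code.isdigit() and len(code) == digits):
        return False
    for drift in range(-window, window + 1):
        expected = totp(secret, at + drift * step, step, digits, algo)
        if hmac.compare_digest(expected, code):
            return True
    return False


def provision_secret(length: int = 20) -> tuple[bytes, str]:
    """Generate a random shared secret and its base32 form for an authenticator app.

    Assumption for this example: 160-bit secrets, which is what SHA-1 based
    authenticator apps commonly expect.
    """
    raw = secrets.token_bytes(length)
    return raw, base64.b32encode(raw).decode("ascii")


if __name__ == "__main__":
    # RFC 6238 Appendix B vector: T=59 with the SHA-1 test key gives 94287082.
    print(totp(RFC_TEST_SECRET, 59, digits=8))
    raw, b32 = provision_secret()
    print("share with authenticator app:", b32)
    print("current code:", totp(raw, 0))
```

The server stores the shared secret per customer and calls `verify_totp` alongside the password check; the drift window absorbs a phone clock that is a few seconds off, while the constant-time comparison and single-use counter are the two details most often omitted in home-grown implementations.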
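Recommendations 1 and 3 both come down to how a credential is kept. The following added example (written for this page, not Ketu Software's or Starbucks' code) contrasts a scheme that is "weak in nature" in the OWASP sense, an unsalted fast hash, with a salted, slow PBKDF2-HMAC-SHA256 verifier and constant-time comparison. The record format `pbkdf2_sha256$iterations$salt$hash` and the iteration count are assumptions for the example; on a phone, the raw password or token itself belongs in the platform keystore rather than in a file the app manages.

```python
import base64
import hashlib
import hmac
import os

# Assumption for this example: iteration count chosen to keep one guess slow.
DEFAULT_ITERATIONS = 600_000


def weak_store(password: str) -> str:
    """Weak scheme: unsalted MD5. Equal passwords give equal hashes and a
    precomputed table reverses them directly, which is the property OWASP
    warns about."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def store_password(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Salted, slow verifier: a fresh 16-byte random salt per record, so two
    customers with the same (re-used) password still get different records."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, _b64(salt), _b64(dk))


def verify_password(stored: str, password: str) -> bool:
    """Recompute the derivation from the stored parameters and compare in
    constant time; a malformed record is rejected rather than raising."""
    try:
        algo, iterations, salt_b64, dk_b64 = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(dk_b64)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                        salt, int(iterations), len(expected))
    except (ValueError, TypeError):
        return False
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    record = store_password("correct horse battery staple")
    print(record)
    print(verify_password(record, "correct horse battery staple"))  # True
    print(verify_password(record, "wrong"))                         # False
```

Keeping the iteration count inside the record lets the service raise it later and re-hash customers transparently at their next successful login, which is how a weak legacy scheme is retired without forcing a password reset.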