Barcode authentication flaw at a pharmacy
Jun 30th, 2013 by Jesper Kråkhede
One of the good things about growing up is that now and then you are allowed to visit a pharmacy and get prescription drugs… or should it be considered a bad thing? In any case, I noticed that the username and password for the computer were posted on a note on the screen (same username and password, by the way). I also noted that when the clerk needed to authorise an action on the screen, she leant forward and let a barcode scanner read a barcode she had on a card.

Being the person I am, I silently waited for her to finalise my order, and in the meantime I played with my phone… or, more exactly, struggled to get a good picture of the barcode. I managed to do that, and when she was done I innocently asked how secure the system was if anyone wanted to enter it and view the information. She bragged a bit about the security measures their department had taken to ensure the security of the system. I nodded and showed her the picture I'd taken of both the username/password and the barcode. “Could we just test it, just for fun?” I asked. She just nodded and, as expected, the barcode logged me into the system.

I, of course, deleted the pictures, but it shows that security systems that were once regarded as safe are rendered unsafe as new technology evolves.