Indian hacker discovers loophole in Uber app, gets free taxi rides for life

Hacker demonstrates loophole in Uber app to get free rides for lifetime

An IT worker has discovered a genius way to get free Uber rides for lifetime anywhere in the world.

Anand Prakash, a product security engineer, who runs a blog on web application security, said it was โ€œeasyโ€ to exploit a bug to overwrite the app to get free Uber rides around the world.

โ€œI was testing Uber application for security loopholes,โ€ he explained. โ€œThis is how I was able to figure it out. It was easy to do.

โ€œAttackers could have misused this by taking unlimited free rides from their Uber account.โ€

The loophole was related to the payment method where by using an invalid method would get Prakash free rides.

โ€œUsers can create their account on Uber.com and can start riding. When a ride is completed, a user can either pay cash or charge it to their credit/debit card,โ€ he said.

โ€œBut, by specifying an invalid payment method for example: abc, xyz etc, I could ride Uber for free.โ€

He used his method on the ride-sharing app in different countries and found that it worked everywhere. However, the issue has now been resolved and Prakash was rewarded by Uber for his efforts through its bug bounty hunters programme.

โ€œTo demonstrate the bug, I got permission from the Uber team and took free rides in United States and India and I wasn’t charged from any of my payment methods,โ€ he added.

Currently, the Uber security programme employs 200 researchers who are given the task of finding vulnerabilities that could be exploited by hackers. The company pays out up to $10,000 (ยฃ8,000) for critical issues identified.

โ€œEven with a team of highly-qualified and well trained security experts, you need to be constantly on the look-out for ways to improve,โ€ Joe Sullivan, Uberโ€™s Chief Security Officer, said last year.

โ€œThis bug bounty programme will help ensure that our code is as secure as possible. And our unique loyalty scheme will encourage the security community to become experts when it comes to Uber.โ€

Prakash said he makes a living out of finding security bugs and has until now been awarded $13,500 (ยฃ11,000) from Uber in bounty rewards.

This is not the first time that Prakash has revealed vulnerability. In the past too, he had disclosed how to take over Facebook account and change its password. He is also currently one of the top hackers signed up to the social media siteโ€™s White Hat bug-finding programme. In the meantime, he has found a genius way to get free Dominoโ€™s pizzas free for life.

It has not been a particularly good week for Uber, after its co-founder Travis Kalanick filmed in a heated row with a driver over falling fares went viral, causing him to apologise for it later.

Source: Telegraph

Kavita Iyer
Kavita Iyerhttps://www.techworm.net
An individual, optimist, homemaker, foodie, a die hard cricket fan and most importantly one who believes in Being Human!!!

Read More

Suggested Post