Uber User Discovers Free Riding Hack

Uber has patched a bug in its code that allowed a researcher — and anyone else who might have discovered the problem — to hail Uber rides without paying for them.
Anand Prakash, a security researcher, discovered the bug in August and received permission from Uber to test it in the US and India. He was able to successfully exploit the bug, getting free rides in both locations, TechCrunch reported.
Prakash reported the issue through Uber’s bug bounty program, which rewards hackers with cash for finding and reporting security vulnerabilities. Many tech companies operate bug bounty programs as a way to strengthen the security of their products.
Hackers can make between $100 and $10,000 at Uber depending on the severity of the bug and whether it impacts other users. Uber fixed the bug the same day Prakash reported it and paid him $5,000, but Prakash waited until this week to publicly discuss the bug.
“Attackers could have misused this by taking unlimited free rides from their Uber account,” he explained in a blog post describing the issue.
The bug occurred when specifying a method of payment. Prakash showed in a proof-of-concept video that he could specify an invalid payment method, expressed in a simple string of characters like “abc” or “xyz,” and not be billed for the ride.
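The article does not describe Uber's server code, so the following is an added illustration of the general bug class, not code from Uber or from Prakash's report: a ride request that accepts any payment-method string, next to a form that validates it and fails closed before dispatch. All function names, identifiers and sample records are hypothetical and constructed for the example.

```python
from dataclasses import dataclass

class PaymentError(Exception):
    """Raised when a ride request names a method that cannot be charged."""

@dataclass(frozen=True)
class PaymentMethod:
    method_id: str
    owner_id: str
    active: bool

# Constructed sample data: payment methods on file, keyed by id.
METHODS = {
    "pm_1001": PaymentMethod("pm_1001", "rider_a", True),
    "pm_1002": PaymentMethod("pm_1002", "rider_b", True),
    "pm_1003": PaymentMethod("pm_1003", "rider_a", False),  # deactivated
}

def request_ride_unchecked(rider_id, method_id):
    """Weak form (hypothetical): the ride is dispatched regardless, and an
    unknown method id such as "abc" simply means nothing is billed."""
    method = METHODS.get(method_id)
    return {"dispatched": True, "billable": method is not None}

def resolve_payment_method(rider_id, method_id):
    """Return the rider's own active method, or raise. Never falls through."""
    if not isinstance(method_id, str):
        raise PaymentError("payment method id must be a string")
    method = METHODS.get(method_id)
    if method is None:
        raise PaymentError("unknown payment method")
    if method.owner_id != rider_id:
        raise PaymentError("payment method belongs to another account")
    if not method.active:
        raise PaymentError("payment method is not active")
    return method

def request_ride(rider_id, method_id):
    """Hardened form: validation runs server-side before dispatch, so an
    invalid method rejects the request instead of producing an unbilled ride."""
    method = resolve_payment_method(rider_id, method_id)
    return {"dispatched": True, "billable": True, "charged_to": method.method_id}
```

The ownership check matters as much as the existence check: a syntactically valid id that belongs to another account is rejected the same way as "abc".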
“Uber’s bug bounty program works with security researchers all over the world to fix bugs, even when they don’t directly impact our users. We appreciate Anand’s ongoing contributions and were happy to reward him for an excellent report,” an Uber spokesperson said.
Prakash is ranked 14th in Uber’s bug bounty program, and frequently submits bug reports to other companies such as Facebook, where he is also a top-ranked hacker.
It is not known whether Iran’s ride-hailing apps Tap30 and Snapp offer a similar scheme; no local techies in the country have ever claimed otherwise.
