A loophole in the Uber app allowed anyone who discovered it to get free rides. The hacker who found the flaw was rewarded by Uber for identifying and reporting the bug to the company.
The hacker is Anand Prakash, a security researcher and white-hat hacker. He earns his living by finding flaws and vulnerabilities in websites. A few months ago, he spotted a bug in the system of the famous ride-hailing app Uber. After getting permission from the company, he demonstrated the flaw by taking free rides in India and the USA.
Uber has a Bug Bounty Program through which it rewards hackers who discover vulnerabilities in its app. Many tech companies run bug bounty programs, including Yahoo, Facebook, Google, and Microsoft. When a hacker finds a loophole, the company pays a reward for the contribution.
The reward offered by Uber ranges from $100 to $10,000. The amount depends on the type and magnitude of the vulnerability the hacker has discovered.
Uber rewarded Prakash with $5,000 for finding and reporting a bug that would allow users to get as many free rides as possible. In his blog he wrote:
“Attackers could have misused this by taking unlimited free rides from their Uber account.”
The problem was with the payment method of the app. Prakash demonstrated in a video how he was able to dodge the system by specifying an invalid payment method. Customers usually pay for their rides with cash or a credit card, but he specified his payment method as ABC or XYZ and was able to take the ride free of cost.
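The sketch below illustrates this class of flaw and its fix. It is an added example, not code from Uber or from Prakash's report, and it assumes a hypothetical booking backend that confirms the ride even when billing does not recognise the payment method sent by the client; every name in it (`Rider`, `book_ride_checked`, `pm_1` and so on) is invented for the illustration.

```python
from dataclasses import dataclass, field

# Hypothetical method types for this sketch; not Uber's real identifiers.
KNOWN_TYPES = {"cash", "card"}

@dataclass
class Rider:
    rider_id: str
    # payment_method_id -> type, as registered server-side for this rider
    methods: dict = field(default_factory=dict)

class PaymentError(Exception):
    pass

def charge(rider, method_id, fare):
    """Stand-in for the billing backend: returns the amount collected."""
    kind = rider.methods.get(method_id)
    return fare if kind in KNOWN_TYPES else 0

def book_ride_unchecked(rider, method_id, fare):
    # Flawed flow (assumed): the ride is confirmed whatever the client sent,
    # and billing silently collects nothing for an unrecognised method.
    return {"confirmed": True, "fare": fare,
            "collected": charge(rider, method_id, fare)}

def book_ride_checked(rider, method_id, fare):
    # Fail closed: the method must be on file for this rider, of a known
    # type, and the full fare must be collectable before confirmation.
    if not isinstance(method_id, str) or method_id not in rider.methods:
        raise PaymentError("payment method not registered for this rider")
    if rider.methods[method_id] not in KNOWN_TYPES:
        raise PaymentError("unsupported payment method type")
    collected = charge(rider, method_id, fare)
    if collected != fare:
        raise PaymentError("fare not collected; ride not confirmed")
    return {"confirmed": True, "fare": fare, "collected": collected}

def unpaid_rides(ledger):
    """Detection: ids of confirmed rides where less than the fare was collected."""
    return [r["ride_id"] for r in ledger
            if r["confirmed"] and r["collected"] < r["fare"]]

if __name__ == "__main__":
    rider = Rider("r1", {"pm_1": "card"})           # constructed sample data
    print(book_ride_unchecked(rider, "abc", 250))   # confirmed, nothing collected
    print(book_ride_checked(rider, "pm_1", 250))    # confirmed, fare collected
```

The `unpaid_rides` audit is the kind of reconciliation check that would surface such rides after the fact, independent of the booking path.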
A spokesperson from Uber went on to say, “Uber’s Bug Bounty Program works with security researchers all over the world to fix bugs, even when they don’t directly impact our users. We appreciate Anand’s ongoing contributions and were happy to reward him for an excellent report.”
Prakash has been ranked 14th in Uber’s Bug Bounty Program. Last year, Facebook rewarded him with $15,000 for identifying a bug which allowed Facebook accounts to be hacked.
- uber-deals: The Independent