
Indian ethical hacker helps Uber fix flaw in its app that exposed user numbers, email


BENGALURU: Uber fixed a vulnerability in its mobile app that allowed hackers to access the account of any user worldwide using either their phone number or email ID and hail a cab, after an Indian ethical hacker alerted the ride-hailing company to the bug.

Anand Prakash, founder of Appsecure, a cyber security firm, discovered the vulnerability in April and alerted Uber, which acknowledged the vulnerability immediately and fixed it.

The bug could allow a hacker to get private data from the account holder’s ride history, take rides from the account, and pay for rides by drawing money from the account holder’s wallet or credit card. The hacker could also log into a driver’s account and check transactions done via “Uber Eats,” the food delivery section of Uber.

Prakash earned a “bounty” of $6,500 from Uber for detecting the flaw.

Global technology companies such as Google, Facebook and Uber have bug bounty programmes that allow ethical hackers to find vulnerabilities in their software and inform them before any untoward incident. Prakash is ranked among the top four bug bounty hunters on Uber globally, and the top one from India.

Uber said in a statement that its bug bounty programme has paid over $2 million to over 600 researchers around the world, including top researchers in India. “We are grateful for their contributions to help protect the platform,” Uber said.

Uber said in a post on the bug bounty platform that the bug allowed an attacker to “retrieve personal data from the victim user’s account, as well as the user’s mobile auth token, which could allow them to make requests to mobile APIs as the victim.”




