Uber News and Updates: Company Fixes an Issue That Would Have Allowed Unlimited Free Rides
It was revealed recently that Uber was able to fix a code bug that, when exploited, would allow unlimited free rides.
A security researcher from Bangalore, India named Anand Prakash recently shared through his personal blog that he was able to discover a major bug from the Uber app. Luckily for Uber, they were reportedly able to resolve the issue through a patch within a day.
In a March 3 entry on his personal blog, Prakash said: "This post is about an interesting bug on Uber which could have been used to ride for free anywhere in the world. Attackers could have misused this by taking unlimited free rides from their uber account."
Get Our Latest News for FREE
According to Tech Crunch, Prakash reported the bug to Uber through the company's bug bounty program where hackers and security researchers are encouraged to help Uber find unknown vulnerabilities or security issues.
Uber rewards researchers or hackers who will be able to help them spot the unknown security vulnerabilities in their system. The monetary incentive ranges from $100 to $10,000 depending on the potential scale and gravity of the reported issue had it not been found and solved.
Tech Crunch also mentioned that the unlimited free rides bug was originally discovered by Prakash in August. Upon learning about the system issue, Prakash was permitted by Uber to exploit the code bug and see if it works in the U.S. and India, which it did. In his blog, Prakash also included a YouTube video demonstration on how he was able to exploit the bug.
An Uber spokesperson was quoted in the same Tech Crunch report as saying: "Uber's bug bounty program works with security researchers all over the world to fix bugs, even when they don't directly impact our users. We appreciate Anand's ongoing contributions and were happy to reward him for an excellent report."
