Indian hacker discovers a bug in Uber that allowed free rides for life
An Indian hacker has saved the ride-hailing service provider Uber from a massive problem. Anand Prakash, a Bengaluru-based white hat hacker, found a loophole in Uber's payment services that let him score unlimited free rides for life anywhere in the world. Prakash blamed this on security flaws in Uber's online web portal and has also reported the defect on his personal blog.
According to Uber’s payment procedure, a user can simply create an account on the website and commence their ride. Uber lets riders pay soon after the completion of a ride through various payment modes such as a credit card, a debit card, cash or a mobile wallet. Prakash found the bug while he was using the dial.uber.com website: he tweaked the backend and tracked down an invalid payment method, one that he could not actually pay from, which then allowed him to ride free of cost. He tried this in both India and the USA.
The bug was immediately fixed by Uber's development team. After taking due permission from the company, Prakash demonstrated the bug on his blog. He identified the issue in August 2016 and was then rewarded by Uber through its bug bounty program.
The Uber security program currently has 200 researchers hired to search for errors that could be exploited by hackers, and the company pays out nearly $10,000 (approximately Rs. 667,000) if they identify critical issues. In a recent interview, Prakash said that he makes a living out of exposing security bugs and has so far received awards of $13,500 (around Rs. 900,000) from Uber in the form of bounty rewards.
Last year, Anand Prakash was awarded $15,000 (approx. Rs. 10 lakh) for finding a bug in Facebook’s login system. He has also received awards from several well-known tech giants, including Facebook, Twitter, Google, Nokia, Zomato, Adobe and Dropbox.