An IT worker from India found out a genius way to get free Uber rides for life.
Anand
Prakash, a product security engineer, detected a bug in the Uber app.
He also runs a blog on web application security and said it was “easy”
to exploit the bug to overwrite the app and get free Uber rides around
the world.
“I was testing Uber
application for security loopholes,” he explained. “This is how I was
able to figure it out. It was easy to do."
In order to check the bug, he alerted Uber and with their permission took several taxi rides to check if he was right. He was!
He took numerous trips in India and US without paying a single penny.
The loophole was related to the method of payment where he used an invalid method to get free Uber rides for himself.
Bad news for those planning to exploit the bug though, Uber has already patched it.
Prakash will be rewarded handsomely for bringing to issue to Uber’s attention via their bug bounty programme.
0 comments:
Post a Comment