NEW DELHI — A hacker has found an ingenious way to get free rides on Uber by exploiting a security bug in the ride-hailing service.
Anand Prakash, a product security engineer, has revealed a simple trick that he used to get free rides anywhere in the world.
The computer programmer says that he was testing Uber’s app for security loopholes and found one quite easily.
Prakash, an ethical hacker who also runs his own blog, says that the loophole was related to the payment method: specifying an invalid method would get him free rides.
“Users can create their account on Uber.com and can start riding. When a ride is completed, a user can either pay cash or charge it to their credit/debit card,” he says, adding, “But, by specifying an invalid payment method for example: abc, xyz etc, I could ride Uber for free.”
The hacker used his method on the ride-sharing app in different countries and found that it worked everywhere. “To demonstrate the bug, I got permission from the Uber team and took free rides in the United States and India and I wasn’t charged from any of my payment methods.”
Prakash then reported the issue to Uber, which has now created a patch for the loophole. He was also rewarded for his effort by Uber through its bug bounty programme.
The ride-hailing behemoth runs a security programme that employs 200 researchers tasked with searching for bugs that can be exploited by hackers. The company pays up to $10,000 for critical issues identified.
Prakash says he makes a living out of finding security bugs and has so far been awarded $13,500 from Uber in bounty rewards. (The Telegraph)