International ride-hailing giant Uber has recently fixed a hacking bug discovered by Indian cyber-security researcher Anand Prakash which allowed hackers to log into anyone's Uber account.
Uber has paid Prakash $6,500, i.e. about Rs 4.6 lakh, as a reward for giving details about this bug.
Prakash explained that the bug was an account-takeover vulnerability on Uber that allowed attackers to take over any other user's Uber account, including those of partners and Uber Eats users, Inc42 reported.
According to Prakash's blog, the bug was present in an API request function of the Uber app. Prakash describes "an account takeover vulnerability on Uber which allowed attackers to take over any other user's Uber account (including riders, partners, eats) account by supplying user UUID in the API request and using the leaked token in the API response to hijack accounts. We were able to enumerate any other Uber's user UUID by supplying their phone number or email address in another API request."
He added that the bug "allowed an attacker to track the victim's location, take rides from their account, etc. by compromising the account using the leaked access token of Uber mobile application. This also permitted takeover of Uber driver, Eats accounts."
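As an added illustration (not code from Prakash's write-up or from Uber), the sketch below models the flaw class described above next to the server-side check that closes it. The function names, request fields and sample accounts are hypothetical and constructed for this example.

```python
import hashlib
import hmac
import secrets

# Constructed sample data; names and fields are hypothetical, not Uber's API.
SERVER_KEY = secrets.token_bytes(32)
USERS = {
    "11111111-aaaa-4aaa-8aaa-000000000001": {"phone": "+10000000001"},
    "22222222-bbbb-4bbb-8bbb-000000000002": {"phone": "+10000000002"},
}

def mint_token(user_uuid: str) -> str:
    """Stand-in for an access token: HMAC over the account UUID."""
    return hmac.new(SERVER_KEY, user_uuid.encode(), hashlib.sha256).hexdigest()

def refresh_vulnerable(session_uuid: str, body: dict) -> dict:
    # Flaw class from the write-up: the account is selected by the
    # client-supplied UUID, and the response carries that account's token.
    target = body["user_uuid"]
    return {"status": 200, "user_uuid": target, "token": mint_token(target)}

def refresh_hardened(session_uuid: str, body: dict) -> dict:
    # The account comes from the authenticated session. A UUID in the body
    # that names a different account is rejected and no token is returned.
    requested = body.get("user_uuid", session_uuid)
    if session_uuid not in USERS or not hmac.compare_digest(requested, session_uuid):
        return {"status": 403}
    return {"status": 200, "user_uuid": session_uuid,
            "token": mint_token(session_uuid)}

def lookup_hardened(session_uuid: str, phone: str) -> dict:
    # Identical response whether or not the phone number is registered, and
    # never another user's UUID, so identifiers cannot be enumerated.
    return {"status": 202, "message": "If the account exists, it will be notified."}

if __name__ == "__main__":
    alice, bob = list(USERS)
    print("vulnerable:", refresh_vulnerable(alice, {"user_uuid": bob})["status"])
    print("hardened:  ", refresh_hardened(alice, {"user_uuid": bob})["status"])
```
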
According to a statement provided by an Uber spokesperson to Inc42, "The bug was quickly fixed through Uber's bug bounty program, which has paid over $2M USD to more than 600 researchers around the world, including top researchers in India. We're grateful for their contributions to help protect the Uber platform."
Earlier, Prakash had eliminated a bug in Uber that anyone could have taken advantage of to travel for free for a lifetime in an Uber cab.