Here is yet another IT worker who discovered a genius way to get free rides in the Uber app. And yes, he got free rides for a lifetime. He is Anand Prakash, an Indian hacker from Bangalore, and he has revealed a security loophole in the Uber app that allowed him to get free rides for life. The San Francisco-based company offers its services in 528 cities. So what exactly was the security flaw?
When creating an account in the Uber app, a user can choose to pay in cash after the ride, or with internet banking, debit/credit cards or a PayTm wallet. The problem was that when a ride was requested with an unspecified mode of payment, the app allowed the ride for free. After getting permission from the Uber team, he demonstrated the bug in a video, showing the team how he could get a free ride with this flaw in the app. He was not charged a single penny for free rides in the US.
The Uber app loophole
Here is the request that he posted on his blog as a vulnerability in the Uber app.
Vulnerable request:
POST /api/dial/v2/requests HTTP/1.1
Steps to reproduce:
1) Replayed the above request with random characters as payment_method_id.
2) Ride was free.
He also shared a video as proof of the flaw.
Well, this hack is not as simple as you might think, so a layman cannot replicate it. You need to know coding and scripting to do so. Uber has fixed the security flaw. As a reward, Anand Prakash got $13500 from Uber. Thanks go to this Indian ethical hacker, who prevented a massive loss for Uber.
Uber's security program comprises 200 researchers who work on finding and fixing bugs and exploits. The company will pay up to $10000 as an award to anyone who identifies a bug and reports it. Anand Prakash is an ethical hacker who makes a living by identifying security bugs.
Prakash is also one of the top hackers involved with Facebook’s white hat bug-finding program. He was the one who found the security flaw in Facebook that let anyone take over another user's Facebook account and change its password. He got a good amount of $15000 from Facebook.
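The reproduction steps above suggest the server accepted a payment_method_id it could not match to a real payment method. The following is an added example, not Uber's code and not from Prakash's post, of a server-side check that fails closed on such a value. The function name, account ids and payment-method records are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: payment methods on file, keyed by account id.
PAYMENT_METHODS = {
    "rider-1": {"pm-cash-001": "active", "pm-card-002": "expired"},
    "rider-2": {"pm-wallet-003": "active"},
}


@dataclass
class Decision:
    accepted: bool
    reason: str


def authorize_ride_request(account_id: str, body: dict) -> Decision:
    """Decide whether a ride request may be dispatched.

    The client-supplied payment_method_id is untrusted input: it must be a
    non-empty string that resolves to an active method owned by the caller.
    Anything else is rejected, so no ride is created without a payer.
    """
    pm_id = body.get("payment_method_id")
    if not isinstance(pm_id, str) or not pm_id:
        return Decision(False, "missing payment_method_id")
    owned = PAYMENT_METHODS.get(account_id, {})
    status = owned.get(pm_id)
    if status is None:
        # Covers random strings and ids that belong to another account.
        return Decision(False, "unknown payment method for this account")
    if status != "active":
        return Decision(False, "payment method not usable")
    return Decision(True, "ok")


if __name__ == "__main__":
    samples = [  # constructed request bodies
        ("rider-1", {"payment_method_id": "pm-cash-001"}),
        ("rider-1", {"payment_method_id": "xyzabc"}),
        ("rider-1", {"payment_method_id": "pm-wallet-003"}),
        ("rider-1", {"payment_method_id": "pm-card-002"}),
        ("rider-1", {}),
    ]
    for account, body in samples:
        print(account, body, authorize_ride_request(account, body))
```

The lookup is scoped to the authenticated account rather than a global table, so an id that is valid for some other rider is rejected the same way as random characters.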