Back Uber paid an Indian researcher Rs. 4.6 lakh for detecting bug that allowed users to take free rides

 

Ride-hailing app Uber

Ride-hailing app Uber had a bug in its system that allowed users to take free rides across the world. The company was unaware of the bug until an Indian researcher pointed it out. Anand Prakash is an ethical hacker and founder of a cyber security firm. He was paid about ₹4.6 lakh rewards by Uber for detecting the bug.

Prakash discovered the bug in 2017 and shared the incident in a LinkedIn post. 

“I was able to take several trips to the US and India without paying any money, all thanks to this bug(after taking due permission from team for replicating this bug). All I had to do was book a ride and use an invalid payment method and the ride ended up going as free. ( I even made a video to show proof-of-concept to show that all I had to do was specify an invalid payment method, expressed in a simple string of characters like "abc" or "xyz," and not be billed for the ride," Prakash posted on Linkedin.

"We play devil's advocates all the time and so they're able to safeguard corporates and customers the way they do," he wrote further.

Prakash then informed Uber about the bug which was immediately fixed by the company.

Meanwhile, Uber has announced new features for its users to improve their ride experience to airports. These include expanding the availability of Uber Reserve, directions to pickup, walking ETAs and more. Announcing the features via a blog post, the company said “Our goal at Uber is to help you go anywhere effortlessly, which is why we’re thrilled to announce a series of new products aimed at making your airport experience smoother than ever".

No comments:

Post a Comment