Hacker reveals simple trick to get free rides from Uber
PakistanToday
An illustration picture shows the logo of car-sharing service app Uber on a smartphone next to the picture of an official German taxi sign September 15, 2014. REUTERS/Kai Pfaffenbach/Illustration/File Photo
A hacker has discovered a simple trick way to get free Uber rides by uncovering a security bug for the popular ride-hailing service.
Anand Prakash, a product security engineer, has revealed a simple trick that he used to get free rides anywhere in the world.
The computer programmer says that he was testing Uber’s app to find any security loopholes and found one quite easily.
Prakash an ethical hacker who also runs his own blog says that the loophole was related to the payment method whereby using an invalid method would get him free rides.
“Users can create their account on Uber.com and can start riding. When a ride is completed, a user can either pay cash or charge it to their credit/debit card,” he says, adding, “But, by specifying an invalid payment method for example abc, xyz etc, I could ride Uber for free.”
The hacker used his method on the ride-sharing app in different countries and found that it worked everywhere. “To demonstrate the bug, I got permission from the Uber team and took free rides in the United States and India and I wasn’t charged from any of my payment methods.”
However, Prakash then identified the issue to Uber who have now created a patch for the loophole. He was also rewarded for his effort by Uber through their bug bounty hunters programme.
The ride-hailing behemoth runs a security programme that employs 200 researchers with the task of searching for bugs that can be exploited by hackers. The company pays up to $10,000 for critical issues identified.
Prakash says he makes a living out of finding security bugs and has so far been awarded $13,500 from Uber in bounty rewards.
