An ethical hacker based in Bengaluru has spotted a bug in a popular multinational cab aggregator, Uber's app, by exploiting this bug one could have had free cab rides in India and US respectively.
Anand Prakash, who hails from Rajasthan identifies himself as a bug bounty hunter, was rewarded $5000 by the company for his discovery of the bug that saved their thousands of dollars.
On Friday, he posted an article and a video on his blog titled, ‘How anyone could have used Uber to ride for free’ that demonstrated the fault in the Uber's code.
Praskash writes, “For demonstrating the bug, I took permission from Uber Team and took free rides in United States and India and I wasn't charged from any of my payment methods.”
According to Prakash, when a user create an account on the Uber's website and starts a ride, while paying they can choose either option by cash or credit/debit cards. But when he tweaked the programming code and change it to invalid payment mode, then the ap allowed him to take the free ride.
This is not the first time that he was rewarded with $5000, earlier also he had earned a total of $13500 by reporting bugs.
“Uber’s bug bounty program works with security researchers all over the world to fix bugs, even when they don’t directly impact our users. We appreciate Anand’s ongoing contributions and were happy to reward him for an excellent report,” an Uber spokesperson was quoted in TechCruch.
Anand Prakash, who hails from Rajasthan identifies himself as a bug bounty hunter, was rewarded $5000 by the company for his discovery of the bug that saved their thousands of dollars.
On Friday, he posted an article and a video on his blog titled, ‘How anyone could have used Uber to ride for free’ that demonstrated the fault in the Uber's code.
Praskash writes, “For demonstrating the bug, I took permission from Uber Team and took free rides in United States and India and I wasn't charged from any of my payment methods.”
According to Prakash, when a user create an account on the Uber's website and starts a ride, while paying they can choose either option by cash or credit/debit cards. But when he tweaked the programming code and change it to invalid payment mode, then the ap allowed him to take the free ride.
This is not the first time that he was rewarded with $5000, earlier also he had earned a total of $13500 by reporting bugs.
“Uber’s bug bounty program works with security researchers all over the world to fix bugs, even when they don’t directly impact our users. We appreciate Anand’s ongoing contributions and were happy to reward him for an excellent report,” an Uber spokesperson was quoted in TechCruch.