Indian hacker reveals Uber app bug that could give free rides to anyone, anywhere in the world

An Indian bug hunter who makes quite a living off bug bounties identified an Uber bug last year that allowed anyone to get away with free Uber rides.


An Indian bug hunter who makes quite a living off bug bounties identified an Uber bug last year that allowed anyone to get away with free Uber rides.

The Telegraph reports that Anand Prakash, an Andhra Pradesh-based product security engineer discovered the bug when testing the Uber app for security loopholes. He discovered that by entering an invalid input into the credit/debit card fields at the end of an Uber ride, he could get away without being charged.

The bug only works when you choose to pay the Uber driver via credit/debit card at the end of a trip.

It’s reported that Prakash identified the bug in August last year.

Prakash also took permission from Uber before testing out the bug in the wild and discovered that the bug could be exploited in the US as well as India. Prakash has apparently earned over $13,500 (around Rs 9,00,000) in bounties from Uber so far.

Prakash runs a blog where he highlights some of his findings. More details of the Uber payment bug can be found there.

In his blog, Prakash says, “Attackers could have misused this by taking unlimited free rides from their Uber account.”

Uber has since resolved the bug.

Find our entire collection of stories, in-depth analysis, live updates, videos & more on Chandrayaan 2 Moon Mission on our dedicated #Chandrayaan2TheMoon domain.