Anand Prakash, a product security engineer, has revealed a simple trick that he used to get free rides anywhere in the world.
The computer programmer says that he was testing Uber’s app to find any security loopholes and found one quite easily.
Prakash, an ethical hacker who also runs his own blog, says that the loophole was in the payment step: specifying an invalid payment method would get him free rides.
“Users can create their account on Uber.com and can start riding. When a ride is completed, a user can either pay cash or charge it to their credit/debit card,” he says, adding, “But, by specifying an invalid payment method for example: abc, xyz etc, I could ride Uber for free.”
The hacker used his method on the ride-sharing app in different countries and found that it worked everywhere. “To demonstrate the bug, I got permission from the Uber team and took free rides in the United States and India and I wasn't charged from any of my payment methods.”
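The bug class described above, unrecognized client input that skips billing instead of being rejected, shown as an added example that is not from the article or from Uber. It is a constructed model: the `Account` class, the `settle_*` functions and the method ids are hypothetical, and the article does not say how Uber's backend actually handled the value.

```python
# Added illustration: a constructed model of fail-open payment handling.
# All names (Account, settle_*) are hypothetical, not Uber's API.
from dataclasses import dataclass, field


class InvalidPaymentMethod(Exception):
    """Raised when a client names a method the account does not own."""


@dataclass
class Account:
    methods: dict                      # method id -> kind ("card" or "cash")
    charges: list = field(default_factory=list)
    unpaid: list = field(default_factory=list)


def _charge(account, method_id, fare):
    account.charges.append((method_id, fare))
    return "charged"


def settle_fail_open(account, method_id, fare):
    """Weak pattern: an unrecognized method skips billing, ride still closes."""
    if method_id in account.methods:
        return _charge(account, method_id, fare)
    return "completed"                 # nothing billed: the free ride


def settle_fail_closed(account, method_id, fare):
    """Hardened: method must be on the account, else the fare stays owed."""
    if not isinstance(method_id, str) or method_id not in account.methods:
        account.unpaid.append(fare)    # debt recorded, never silently dropped
        raise InvalidPaymentMethod(repr(method_id))
    return _charge(account, method_id, fare)


def demo():
    """Run both settlers against constructed input and return the outcome."""
    acct = Account(methods={"card_1": "card", "cash": "cash"})
    weak = settle_fail_open(acct, "abc", 12.50)
    try:
        settle_fail_closed(acct, "abc", 12.50)
        strong = "rejected-not-raised"
    except InvalidPaymentMethod:
        strong = "rejected"
    return weak, strong, acct.charges, acct.unpaid


if __name__ == "__main__":
    print(demo())
```

The same ownership check belongs at ride request time as well, so a trip cannot start against a payment method the server does not recognize.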
Prakash then reported the issue to Uber, which has now created a patch for the loophole. Uber also rewarded him for his effort through its bug bounty programme.
The ride-hailing behemoth runs a security programme that employs 200 researchers with the task of searching for bugs that can be exploited by hackers. The company pays up to $10,000 for critical issues identified.
Prakash says he makes a living out of finding security bugs and has so far been awarded $13,500 from Uber in bounty rewards.
This article originally appeared on The Telegraph.