Yes, you can book an Uber ride for free. That too, free for life. Infinite trips, absolutely for free. But not anymore. Sorry to disappoint you, that’s actually a bug in the Uber app. An ethical hacker from India disclosed this bug in the Uber app.
The vulnerability was fixed immediately by Uber. This bug really gave nightmares to Uber. Anand Prakash, a top-ranked hacker from Bengaluru who also won a bounty from Facebook has reported this bug to Uber. This bug in the Uber payment services would allow a user to book unlimited free rides from anywhere in the world.
Prakash also received a bounty of $5000 from Uber. Uber spokesperson said, “Uber’s bug bounty program works with security researchers all over the world to fix bugs, even when they don’t directly impact our users. We appreciate Anand’s ongoing contributions and were happy to reward him for an excellent report.”
This is how the Uber bug worked:
Users should pay via cash or a card at the end of the trip but when a user enters invalid card details like ‘ABC’ or ‘XYZ’, the Uber app blindly accepts the payment. This is a very serious bug for the tech company. How can a company like Uber leave such an easy way to blind the app?
The hacker was permitted by Uber to demonstrate this bug in India and U.S. Prakash disclosed this bug on his blog after getting an approval from Uber.
About the hacker, Anand Prakash:
Anand Prakash is an ethical hacker from Bengaluru, India. This is not the first time he received a bounty; Previously, he is also rewarded by tech giants like Facebook, Google, Twitter, and Adobe. Facebook rewarded him with $15,000 for finding a bug in the Facebook password system. Contact Anand at [email protected].