Anand Prakash, founder of Indian Ethical Hacker and App Secure, has once again revealed the major flaw of Uber. For this, Uber has given them a reward of $ 6,500 (about 4.61 lakh rupees). Even before that, he had found such a bug of Uber, which could take advantage of an unlimited ride.
Anand Prakash has talked to Tech till date and has told that this bug was in Uber's token. Actually a token is prepared for any login. For example, if you log in by entering an email ID and password in the Uber app, then a token is created. This token contains information about your account.
Anand Prakash could get the token of any Uber user with the help of another Uber app. They have said that for this user's phone number or email ID is required. This bug was quite serious, but Uber has said that no hacker has used it with the wrong intent so far.
Overall, taking advantage of this bug, a hacker could take full access to your Uber account. You could know your history and if you have money in your Uber wallet, then obviously you could also use it comfortably.
On logging in Uber's app, you get access token which has a ride history. By inserting a user ID in the Uber app, its token was being leaked. Token could be obtained from email ID and phone number.
After finding the bug, Anand Prakash reported to Uber and Uber considered it. The company has said that by joining the bug bounty, thank those who protect the platform. So far, the company has given a bounty of up to $ 2 million to 600 people worldwide.
Significantly, big tech companies like Google and Facebook run bug bounty programs. Under this, rewards are given on finding any flaws on these platforms. By doing this, companies strengthen their platforms.
