Anand Prakash, a Bangalore based security researcher and ethical hacker has revealed a bug in Uber’s payment services that could have been used for unlimited lifetime free rides anywhere in the world.
He was the first Indian to secure the first rank in Facebook’s ‘White hat’ hackers list.
Bug reported by Anand
According to Anand, the bug was that the user while specifying the payment method like credit or debit, Paytm etc could have easily added an invalid code as bizarre as ‘abc or xyz’ and it would have been accepted as a valid payment method by the app, and the passenger would get a free ride
Anand has revealed the entire loophole process in a video for which he was rewarded $5000 (Rs 3,00,000 Approx) . Uber’s bug bounty program for hackers works with security researchers all over the world to fix bugs and reward from $100 to $10000 for identifying and informing about security bugs in their app.
On Friday, Anand posted an article in his blog titled ‘How anyone could have used Uber to ride for free’ along with a video demonstrating the loophole in Uber’s payment process.
“I took permission from Uber Tem and took free rides in United States and India and I wasn’t charged from any of my payment methods”, said the young ethical hacker in his blog.
The 24 year old Bangalore guy got interest in research field around 2009 and begin bug hunting in 2013.He exposed many bugs in multinational companies like Twitter, Facebook, PayPal,e-Bay and his total bounty stands at Rs 2.3 Crore.
One of Anand’s first bug hunting was with Facebook, he was able to enable someone to find a user online even if they had turned off their chat feature.
Soon Anand is planning to launch his own security startup