An Indian ethical hacker from Bengaluru has discovered a massive bug in the taxi hailing service provider Uber. According to the bug, it was revealed that a user could take advantage of the company’s payment services and get unlimited free rides in cabs, anywhere in the world. Anand Prakash, who found the issue with the code in Uber’s application, is a security engineer working for Flipkart and is one of the top WhiteHat hackers on social networking website Facebook. Anand informed Uber about the bug during a bug bounty program in August 2006. Uber had presented him with a huge prize money for finding the issue in the code.
However, the code which was used by the engineer is not very easy to implement by a common user. But anyone with knowledge of coding and programming could do the same. Explaining the bug in the Uber app, Anand Prakash, who also runs a blog on IT security, wrote: “Uber Technologies Inc. is an online transportation network company headquartered in San Francisco, California, with operations in 528 cities worldwide. Users can create their account on Uber.com and can start riding. When a ride is completed a user can either pay cash or charge it to their credit/debit card.” He added, “But, by specifying an invalid payment method, for example, abc, xyz etc, I could ride Uber for free.” Prakash had demonstrated the bug after taking permission from Uber. He then took free rides, both in the US and India.
The IT expert also posted a video demonstrating how he went about the flaw in Uber’s code. Prakash has several such achievements under his belt. He is a white hat hacker who has been rewarded by many IT companies including Google, Facebook, Adobe and Twitter. When he had found out a bug in Facebook’s password system, the company had awarded him with a whopping $15,000 as prize money.
