Newsbytes
  • India
  • Business
  • World
  • Politics
  • Sports
  • Science
  • Entertainment
  • Auto
  • Lifestyle
  • Inspirational
  • Career
  • Bengaluru
  • Delhi
  • Mumbai
  • Videos
  • Find Cricket Statistics
Hindi
More
Newsbytes
Hindi
Newsbytes
User Placeholder

Hi,

Logout


India
Business
World
Politics
Sports
Science
Entertainment
Auto
Lifestyle
Inspirational
Career
Bengaluru
Delhi
Mumbai
Videos
Find Cricket Statistics

More Links
  • Videos

Download Android App

Follow us on
  • Facebook
  • Twitter
  • Linkedin
  • Youtube
 
Home / News / Science News / Indian researcher discloses Uber bug, bags Rs. 4.6 lakh reward
  • Science

    Indian researcher discloses Uber bug, bags Rs. 4.6 lakh reward

    Shubham Sharma
    Written by
    Shubham Sharma
    Twitter
    Last updated on Sep 15, 2019, 08:45 pm
    Indian researcher discloses Uber bug, bags Rs. 4.6 lakh reward
  • An Indian security researcher has bagged a cash reward of $6,500 (approximately Rs. 4.6 lakh) from Uber Technologies Inc.

    The man, Anand Prakash, had flagged a critical account hacking vulnerability in Uber's service, prompting the ride-hailing giant to issue an immediate patch and pay Prakash under its responsible disclosure bug bounty program.

    Here's all about the bug that he disclosed.

  • In this article
    Uber accounts found vulnerable to hacking API request issue leaked access tokens Issue reported to Uber, now fixed Uber has paid over $2 million in bug bounty
  • Issue

    Uber accounts found vulnerable to hacking

  • During a recent analysis of Uber's app, Prakash unearthed a bug that gave him and potentially other threat actors, the ability to take over the Uber account of any user.

    He verified the existence of the issue and figured it was risking the security of people using the main Uber app as well as those ordering and delivering food via Uber Eats.

  • Details

    API request issue leaked access tokens

    API request issue leaked access tokens
  • Prakash claimed the bug stemmed from an issue with the API request function of the Uber app.

    Typically, API requests are used to ensure one app works with other, like Uber with Google Maps for showing rides on the road.

    However, in this case, one of the endpoints in the API request channel wasn't properly secured, which gave away access tokens of Uber users.

  • Fix

    Issue reported to Uber, now fixed

    Issue reported to Uber, now fixed
  • After discovering the issue, Prakash, who worked at security firm AppSecure, reported the same to Uber under its responsible disclosure policy.

    The company recognized the same in a matter of days and issued a patch for the vulnerability on April 26.

    Just recently, it was made public by the ride-hailing giant on Prakash's request.

  • Quote

    Uber has paid over $2 million in bug bounty

  • "The bug was quickly fixed through Uber's bug bounty program, which has paid over $2 million to more than 600 researchers around the world, including top researchers in India," Uber told Inc42, adding they're grateful to Indian researchers who have helped protect the Uber platform.

  • India
  • Uber
  • Google Maps
  • Security
  • Inc42
  •  
Latest News
  • Prince Harry's James Corden interview caused ''disquiet' at Buckingham Palace?
    Prince Harry's James Corden interview caused ''disquiet' at Buckingham Palace?
    Entertainment
  • Samsung Galaxy M31s becomes cheaper; now starts at Rs. 18,500
    Samsung Galaxy M31s becomes cheaper; now starts at Rs. 18,500
    Science
  • 'Baahubali' writer roped in for 'Sita - The Incarnation'
    'Baahubali' writer roped in for 'Sita - The Incarnation'
    Entertainment
  • BS6 Kawasaki Ninja 300's colors and engine details revealed
    BS6 Kawasaki Ninja 300's colors and engine details revealed
    Auto
  • La Liga, Sevilla 0-2 Barcelona: Records broken
    La Liga, Sevilla 0-2 Barcelona: Records broken
    Sports
Related Timelines
  • Instagram vulnerability could have led to account hijacks; now fixed
    Instagram vulnerability could have led to account hijacks; now fixed
    Science
  • #BugAlert: Critical desktop hijack vulnerability detected in Slack; now fixed
    #BugAlert: Critical desktop hijack vulnerability detected in Slack; now fixed
    Science
  • #BugAlert: Security flaw flagged in Safari, but Apple delayed patch
    #BugAlert: Security flaw flagged in Safari, but Apple delayed patch
    Science
  • Critical vulnerabilities risking private user data flagged in OkCupid
    Critical vulnerabilities risking private user data flagged in OkCupid
    Science
Trending Topics
Samsung OnePlus Mobiles Android TV Smart TV Latest Gadget Launch MediaTek Dimensity 1000+ COVAXIN Latest Tech News Upcoming Mobile Phones
Next News Article
Share
Cancel

Want to share it with your friends too?

Facebook Whatsapp Twitter Linkedin
Copied

Love Science news?

Subscribe to stay updated.

Science Thumbnail
India News Business News World News Politics News Sports News Science News Entertainment News Auto News Lifestyle News Inspirational News
Career News Bengaluru News Delhi News Mumbai News Bharti Airtel Mukesh Ambani Indian Premier League Samsung Virat Kohli Rohit Sharma
Cricket News YouTube Hollywood News WhatsApp Bollywood News ISRO Yoga Honda Batman Football News
BMW Vaccine Reliance Jio OPPO Food News, Healthy Recipes Royal Challengers Bangalore Toyota Fashion Tips Farmers Protest Mohammed Bin Salman
Mercedes Europa League Isha Ambani India Vs England Cricket OnePlus Mobiles Android TV Smart TV Marvel Comics Avengers Neha Kakkar
Premier League Big Bang Theory X-Men TATA
About Us Privacy Policy Terms & Conditions Contact Us News Reviews News Archive Topics Archive Find Cricket Statistics
Follow us on
Facebook Twitter Linkedin Youtube
All rights reserved © NewsBytes 2021