NewsBytes
    Hindi Tamil Telugu
    More
    In the news
    Narendra Modi
    Amit Shah
    Box Office Collection
    Bharatiya Janata Party (BJP)
    OTT releases
    Hindi Tamil Telugu
    NewsBytes
    User Placeholder

    Hi,

    Logout


    India Business World Politics Sports Technology Entertainment Auto Lifestyle Inspirational Career Bengaluru Delhi Mumbai Visual Stories Find Cricket Statistics Phones Reviews Fitness Bands Reviews Speakers Reviews

    Download Android App

    Follow us on
    • Facebook
    • Twitter
    • Linkedin
     
    Home / News / Technology News / Indian researcher discloses Uber bug, bags Rs. 4.6 lakh reward
    Indian researcher discloses Uber bug, bags Rs. 4.6 lakh reward
    1/5
    Technology 2 min read

    Indian researcher discloses Uber bug, bags Rs. 4.6 lakh reward

    By Shubham Sharma
    Sep 15, 2019
    08:45 pm
    Indian researcher discloses Uber bug, bags Rs. 4.6 lakh reward

    An Indian security researcher has bagged a cash reward of $6,500 (approximately Rs. 4.6 lakh) from Uber Technologies Inc. The man, Anand Prakash, had flagged a critical account hacking vulnerability in Uber's service, prompting the ride-hailing giant to issue an immediate patch and pay Prakash under its responsible disclosure bug bounty program. Here's all about the bug that he disclosed.

    2/5

    Uber accounts found vulnerable to hacking

    During a recent analysis of Uber's app, Prakash unearthed a bug that gave him and potentially other threat actors, the ability to take over the Uber account of any user. He verified the existence of the issue and figured it was risking the security of people using the main Uber app as well as those ordering and delivering food via Uber Eats.

    3/5

    API request issue leaked access tokens

    Prakash claimed the bug stemmed from an issue with the API request function of the Uber app. Typically, API requests are used to ensure one app works with other, like Uber with Google Maps for showing rides on the road. However, in this case, one of the endpoints in the API request channel wasn't properly secured, which gave away access tokens of Uber users.

    4/5

    Issue reported to Uber, now fixed

    After discovering the issue, Prakash, who worked at security firm AppSecure, reported the same to Uber under its responsible disclosure policy. The company recognized the same in a matter of days and issued a patch for the vulnerability on April 26. Just recently, it was made public by the ride-hailing giant on Prakash's request.

    5/5

    Uber has paid over $2 million in bug bounty

    "The bug was quickly fixed through Uber's bug bounty program, which has paid over $2 million to more than 600 researchers around the world, including top researchers in India," Uber told Inc42, adding they're grateful to Indian researchers who have helped protect the Uber platform.

    Facebook
    Whatsapp
    Twitter
    Linkedin
    Related News
    India
    Uber
    Security
    Anand Prakash

    India

    21 killed in 2,050 ceasefire-violations by Pakistan in 2019: MEA Islamabad
    Enough jobs, but candidates from North-India lack skills: BJP leader Narendra Modi
    Royal Enfield launches affordable Classic 350 S in India Royal Enfield
    OnePlus TV to become available during Amazon's Great Indian Festival Amazon

    Uber

    Engineer, who created church to worship AI, stole AI-related secrets Google
    Soon, government will define operational rules for Ola, Uber India
    Kolkata: Actress 'dragged out' of Uber, threatened; driver arrested Facebook
    Mumbai rains: Cab rides become as costly as Goa flights India

    Security

    Period tracking apps caught sharing sexual life details with Facebook Facebook
    Millions of Facebook users' phone numbers leaked online: Details here Facebook
    #NewsBytesWeeklyRecap: Apple's Indian store, iPhone launch, OnePlus 7T, and more India
    Now, all popular apps are covered under Google's bug bounty Android

    Anand Prakash

    This startup by IITians helps students crack competitive exams India
    #WhatTheHealth: Fortis overcharged 7-year-old parents; earned up to 1700%-profit Health & Wellness
    Twitter hacking for a living, legally X
    Uber's 'free rides' bug amended by security researcher Bengaluru
    Next News Article

    Love Technology News?

    Subscribe to stay updated.

    Science Thumbnail
    Indian Premier League (IPL) Celebrity Hollywood Bollywood UEFA Champions League Tennis Football Smartphones Cryptocurrency Upcoming Movies Premier League Cricket News Latest automobiles Latest Cars Upcoming Cars Latest Bikes Upcoming Tablets
    About Us Privacy Policy Terms & Conditions Contact Us Ethical Conduct Grievance Redressal News News Archive Topics Archive Download DevBytes Find Cricket Statistics
    Follow us on
    Facebook Twitter Linkedin
    All rights reserved © NewsBytes 2023