Security researchers find major vulnerabilities in Uber
A group of hackers from a security company in Portugal managed to hack into Uber and get their hands on a bunch of data that should remain hidden.
The team of three experts, Vitor Oliveira, Fábio Pires and Filipe Reis from Integrity, found a total of six flaws: they managed to use promotion codes, found private emails using UUID, found users’ phone numbers, created driver accounts, validated them, found where you went, who your driver was, and who you are and, ultimately, date of the trip, driver name and picture, the ID and the cost of the trip. The route map was also disclosed.
All these vulnerabilities have been kept secret until Uber issued fixes, so you can now sleep peacefully. However, this still doesn’t mean that someone didn’t manage to get its hands on this information earlier.
The crew decided to pursue these vulnerabilities because Uber issued a bounty on whoever finds any. In the researchers’ report, there is no mention on how much money they got for finding these.
They did, however, praise Uber for its fast response when it comes to patching the issues up.
"With this being said, we think that Uber has one of the best bug bounty programs, with great payouts. From a pentester’s view, the security team takes this program very seriously by trying to resolve all the issues as fast as they can".
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.