CW Pakistan
  • Legacy
    • Legacy Editorial
    • Editor’s Note
  • Academy
  • Wired
  • Cellcos
  • PayTech
  • Business
  • Ignite
  • Digital Pakistan
  • DFDI
  • PSEB
  • PASHA
  • TechAdvisor
  • GamePro
  • Partnerships
  • PCWorld
  • Macworld
  • Infoworld
  • TechHive
  • TechAdvisor
0
0
0
0
0
Subscribe
CW Pakistan
CW Pakistan CW Pakistan
  • Legacy
    • Legacy Editorial
    • Editor’s Note
  • Academy
  • Wired
  • Cellcos
  • PayTech
  • Business
  • Ignite
  • Digital Pakistan
  • DFDI
  • PSEB
  • PASHA
  • TechAdvisor
  • GamePro
  • Partnerships
  • Business

CSO Alerts: Quick Take on Uber’s Bug Bounty Program

  • March 7, 2017
Total
0
Shares
0
0
0
Share
Tweet
Share
Share
Share
Share

Uber’s security programme, which is the Bug Bounty Program, invites people to identify any vulnerability in their security systems. 

A product security engineer Anand Prakash, discovered a security bug in popular cab-hailing service, which allowed him to take free Uber rides, tested in the U.S. as well as India.

Uber’s Chief Security Officer, Joe Sullivan said last year in a statement:

“Even with a team of highly-qualified and well trained security experts, you need to be constantly on the look-out for ways to improve. This bug bounty programme will help ensure that our code is as secure as possible. And our unique loyalty scheme will encourage the security community to become experts when it comes to Uber.”

The computer programmer, who runs a blog on web application security, explained it was “easy” to exploit the security loophole.

“Attackers could have misused this by taking unlimited free rides from their Uber account.”

When ordering an Uber, Prakash was able to avoid paying for the ride by exploiting a bug when specifying his method of payment [Uber users can pay using cash in some cities].

“Users can create their account on Uber.com and can start riding. When a ride is completed, a user can either pay cash or charge it to their credit/debit card. But, by specifying an invalid payment method for example: abc, xyz etc, I could ride Uber for free.”

He identified the issue, which has now been resolved, in August last year and was rewarded by Uber through its bug bounty hunters programme.

“To demonstrate the bug, I got permission from the Uber team and took free rides in United States and India and I wasn’t charged from any of my payment methods,” he added.

According to The Telegraph, Prakash makes a living out of finding security bugs and has so far been awarded $13,500 (£11,000) from Uber in bounty rewards. Before this stunt, he revealed taking over Facebook accounts and changing its password, and is known to be one of the top hackers signed up for social media site’s White Hat bug-finding programme.

Source: The Telegraph
Image Source: Uber

Share
Tweet
Share
Share
Share
Related Topics
  • Anand Prakash
  • Hackerone
  • Joe Sullivan
  • The Telegraph
  • Uber
  • Uber Chief Security Officer
  • Uber Newsroom
  • Uber Pakistan
  • Uber security bug
Previous Article
  • Computerworld

Meetup for Marketers in Digital Spaces: Lahore

  • March 6, 2017
Read More
Next Article
  • Computerworld

Uncovering Big Data @ DIG-IT 2017: PAS Opens Registrations

  • March 7, 2017
Read More
You May Also Like
Read More
  • Business

PAeC and IEEE Islamabad Section Partner to Advance High-Tech and Aerospace Sectors

  • Press Desk
  • July 11, 2025
Read More
  • Business

Etisalat Group Encouraged to Expand Investment in Pakistan’s Key Sectors

  • Press Desk
  • July 7, 2025
Read More
  • Business

Bilal Fibres Limited Announces Revival Strategy Through EV, IT, and Health Tech Expansion

  • Press Desk
  • July 4, 2025
Read More
  • Business

China and Pakistan Expand Agricultural Tech and Trade Ties Under CPEC

  • Press Desk
  • July 3, 2025
Read More
  • Business

Jazz Honored with HR Pinnacle Award for Innovative Learning and Development Programs

  • Press Desk
  • July 2, 2025
Read More
  • Business

2025 SCO Digital Economy Forum to Focus on Cross-Border Digital Collaboration in Tianjin

  • Press Desk
  • July 1, 2025
Read More
  • Business

Data Vault Launches Pakistan’s First AI-Powered Data Center

  • Press Desk
  • June 26, 2025
Read More
  • Business

FPCCI and SECP Host Seminar to Boost Corporatization and Ease of Doing Business

  • Press Desk
  • June 25, 2025

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Trending Posts
  • KP Launches Digital NOC System to Simplify Travel for Foreign Tourists
    • July 12, 2025
  • Shaza Fatima, Alibaba Discuss Strengthening Pakistan’s Digital Trade and Global E-Commerce Ties
    • July 12, 2025
  • Pakistan Delays Satellite Internet Launch to Finalize Rules, Attract More LEO Operators
    • July 12, 2025
  • IESCO Launches Self-Meter Reading Feature Through Apna Meter Apni Reading App
    • July 12, 2025
  • Pakistan Railways to Launch Digital Business Train with Wi-Fi, Enhanced Onboard Services
    • July 12, 2025
about
CWPK Legacy
Launched in 1967 internationally, ComputerWorld is the oldest tech magazine/media property in the world. In Pakistan, ComputerWorld was launched in 1995. Initially providing news to IT executives only, once CIO Pakistan, its sister brand from the same family, was launched and took over the enterprise reporting domain in Pakistan, CWPK has emerged as a holistic technology media platform reporting everything tech in the country. It remains the oldest continuous IT publishing brand in the country and in 2025 is set to turn 30 years old, which will be its biggest benchmark and a legacy it hopes to continue for years to come. CWPK is part of the SPIN/IDG Wakhan media umbrella.
Read more
Explore Computerworld Sites Globally
  • computerworld.es
  • computerworld.com.pt
  • computerworld.com
  • cw.no
  • computerworldmexico.com.mx
  • computerwoche.de
  • computersweden.idg.se
  • computerworld.hu
Content from other IDG brands
  • PCWorld
  • Macworld
  • Infoworld
  • TechHive
  • TechAdvisor
CW Pakistan CW Pakistan
  • CWPK
  • CXO
  • DEMO
  • WALLET

CW Media & all its sub-brands are copyrighted to SPIN-IDG Wakhan Media Inc., the publishing arm of NCC-RP Group. This site is designed by Crunch Collective. ©️1995-2025. Read Privacy Policy.

Input your search keywords and press Enter.