Go Back   Wiki NewForum | Latest Entertainment News > Tech Gadgets Forum

Indian cybersecurity researcher gets $6,500 for spotting Uber hacking bug

Views: 106  
Thread Tools Rate Thread Display Modes
Old 09-15-2019, 12:29 PM
welcomewiki welcomewiki is offline
Join Date: Dec 2008
Location: India
Posts: 80,497
Default Indian cybersecurity researcher gets $6,500 for spotting Uber hacking bug

Uber has paid $6,500 to an Indian cybersecurity researcher,*named Anand Prakash, who discovered a*serious security bug. The company has already fixed it as the bug would have allowed any hacker to take over a user’s account. This also included the accounts of partners and Uber Eats users. Under the company’s responsible disclosure policy, the researcher was given permission to disclose more details of the security bug.

As part of the Uber’s bug bounty program, the company then awarded*$6,500 to Prakash.*Inc42 reported that the bug was present in the API request where the researcher’s team was easily able to enumerate other Uber users’ UUID. In case you are not aware, APIs are leveraged to authenticate and secure two services.*Prakash also asserted that “this was because authorization was missing on an endpoint, which resulted in access token leak of Uber mobile apps of other users by just supplying the user id.”

Also Read

Facebook awards Tamil Nadu man $30,000 for spotting a major bug in Instagram

An Uber spokesperson said, “The bug was quickly fixed through Uber’s bug bounty program, which has paid over $2M USD to more than 600 researchers around the world, including top researchers in India. We are grateful for their contributions to help protect the Uber platform.”

Separately, in July this year,*Facebook awarded a Tamil Nadu-based security researcher, named Laxman Muthiyah for spotting a major bug in Instagram. The company gave $30,000 as a part of a bug bounty program after he spotted a flaw in Facebook‘s photo-sharing Instagram app. The researcher said that the vulnerability allowed him to “hack any Instagram account without consent permission.”

Also Read

Uber launches 24×7 safety helpline in India to improve users’ experience

The researcher asserted that hacking anyone’s Instagram account was easy by just triggering a password reset, requesting a recovery code. “I reported the vulnerability to the Facebook security team. They were unable to reproduce it initially due to the lack of information in my report. After a few email and proof of concept video, I could convince them the attack is feasible,” Muthiyah said.


Reply With Quote

New topics in Tech Gadgets Forum

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Powered by vBulletin® Version 3.8.10
Copyright ©2000 - 2020, vBulletin Solutions, Inc.