HOME
Breaking News

Anand is ranked among the top four bug bounty hunters on uber globally

by VARINDIA 2019-09-14
Anand is ranked among the top four bug bounty hunters on uber globally

The bug, which was brought to the company’s attention by anand prakesh, a cyber security researcher, in april could also be used to track a uber customer's location. Anand is ranked among the top four bug bounty hunters on uber globally, and the top one from india. This uber bug allowed hackers to order cabs and foods from your account.


Uber, which is currently worth around $57bn, operates in 785 cities around the world. Prakesh was able to access an account's unique user id, or “access token”, by supplying a phone number or email address associated with an account to uber’s application programmer interface (api). Uber has fixed a “severe” flaw that allowed hackers to order rides and food on customers' accounts, at their expense, by using the victim’s email address or phone number.



Apis ship info from uber to app builders, usually to make sure that their apps work with uber, like google maps, which lets you hail a cab out of your location.



Uber paid prakesh $6,500 (£5,300) for bringing it to their attention under its bug bounty programme which classed it as an “8.5 out of 10, severe”. Uber pays up to $50,000 for disclosures. It fixed the bug just days after it was notified.



A spokesman for uber claimed that it did not believe the flaw had been exploited by criminals. He said that uber has an automated protection in place that detects suspicious activity, like a login from a new device, and will alert a user either by asking them to confirm the activity or prompting them to reset their credentials.



They said: “uber's bug bounty programme has paid over $2m to more than 600 researchers around the world and we're grateful for their contributions to help protect the uber platform.”This method for hijacking accounts was exploited by a hacker who felled facebook in october 2018.



Utilizing the same technique of stealing “access tokens”, they had been in a position to compromise 30 million fb accounts. It’s unclear who orchestrated the assault. The federal bureau of investigation opened a probe in october.

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
India sees 24% surge in ransomware attacks in H1 2024: Kaspersky

India sees 24% surge in ransomware attacks in H1 2024: Kaspersky

Quick Heal aims to boost consumer business with new anti-fraud solution

Quick Heal aims to boost consumer business with new anti-fraud solution

CrowdStrike to buy startup Adaptive Shield to bolster SaaS security

CrowdStrike to buy startup Adaptive Shield to bolster SaaS security

SOFTWARE
View All
PhonePe & Bharat Connect to announce easy contributions for NPS

PhonePe & Bharat Connect to announce easy contributions for NPS

Elastic collaborates with LG CNS to enable innovation in knowledge management

Elastic collaborates with LG CNS to enable innovation in knowledge management

Veeam announces update to Veeam Backup for Salesforce on Salesforce AppExchange

Veeam announces update to Veeam Backup for Salesforce on Salesforce AppExchange

START - UP
View All
ideaForge Soars Past 550,000 Flights, Reinforcing Indian Drone Leadership

ideaForge Soars Past 550,000 Flights, Reinforcing Indian Drone Leadership

HCLTech and Inspeq AI Join Forces to Promote Responsible AI

HCLTech and Inspeq AI Join Forces to Promote Responsible AI

Whatfix and Deloitte India Partner to Drive Digital Adoption

Whatfix and Deloitte India Partner to Drive Digital Adoption

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Start-Up and Unicorn Ecosystem
MediaTek Powers India's Digital Future with Latest Innovations

MediaTek Powers India's Digital Future with Latest Innovations

Akamai launches ready-to-deploy, cloud-agnostic application platform

Akamai launches ready-to-deploy, cloud-agnostic application platform

AMD debuts Versal Premium Series Gen 2 SoCs to power data-intensive workloads

AMD debuts Versal Premium Series Gen 2 SoCs to power data-intensive workloads

NXP rolls out pioneering Ultra-Wideband wireless battery management system

NXP rolls out pioneering Ultra-Wideband wireless battery management system

Netpoleon India Partners with Cavisson Systems

Netpoleon India Partners with Cavisson Systems

Sasken Technologies to acquire Borqs Technologies

Sasken Technologies to acquire Borqs Technologies

Wipro Launches Gemini Experience Zone to Boost AI Innovation

Wipro Launches Gemini Experience Zone to Boost AI Innovation

Wipro partners with RELEX Solutions to enable clients optimize retail operations

Wipro partners with RELEX Solutions to enable clients optimize retail operations

Vertiv and NVIDIA Collaborate on Power and Cooling Solutions for GB200 NVL72

Vertiv and NVIDIA Collaborate on Power and Cooling Solutions for GB200 NVL72

Tech Titans Rally Behind Intel-AMD Partnership to Secure x86 Dominance

Tech Titans Rally Behind Intel-AMD Partnership to Secure x86 Dominance