Uber’s security breach teaches us many hidden things
Smartphone users have to be smart about how they use their phones and what they open on them. If you are not careful, you may land in a great disaster: everything you have earned can be taken out in a few seconds. That’s one pretty big reason why the Uber security breach is such a big deal.
An 18-year-old hacker was involved in mass-scale attacks on Uber. After successfully obtaining an employee’s account password, the hacker tricked the employee into approving a push notification for multifactor authentication. The intruder then uncovered administrative credentials that gave access to some of Uber’s crown-jewel network resources. Uber responded by shutting down parts of its internal network while it investigates the extent of the breach.
We put a lot of trust into companies with our data. Some security breaches can ruin lives if the data falls into the wrong hands, and if I had an Uber account that I had used more than once, I’d be worried about what information may now be out there on the internet. There’s no telling what was stolen, as treasure troves of data like that can be sold for a lot of money on the underground market. Even if your smartphone is secure with a password, you’re putting a lot of trust in your phone’s security systems.
A vulnerability in the Titan M security chip (found in Google Pixel phones) was fixed only recently in an Android security patch update; it allowed escalation of privilege with “user interaction not needed for exploitation”. Researchers were then able to extract cryptographic keys that should never leave the device.
Uber's breach taught us to re-evaluate the companies that we trust. Screenshots provided evidence that the individual had access to assets including Uber’s Amazon Web Services and G Suite accounts and code repositories.
In other words, Uber’s breach should be a call to re-evaluate the companies that you trust, and with what data. While we don’t fully know the scope of that breach just yet, it was only a matter of time before a company had a breach of this potential scale.
While companies are expected to follow best practices in storing user data (including hashing and salting user passwords, credit cards, and more), you’re putting a lot of trust in companies to have followed those best practices. Even if a company claims to have encrypted those passwords, that doesn’t mean you’re safe forever if that data leaks.
Uber had MFA, short for multifactor authentication, in place in the form of an app that prompts the employee to push a button on a smartphone when logging in. To bypass this protection, the hacker repeatedly entered the credentials into the real site. The employee, apparently confused or fatigued, eventually pushed the button. With that the attacker was in.
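The repeated-prompt pattern described above is visible in MFA logs. The following is an added example, not code from this article or from Uber: it flags a burst of unapproved push prompts for one user and raises the severity when an approval follows the burst. The log layout, user names, IP addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample MFA push log: timestamp, user, source IP, outcome.
# The field layout is an assumption, not any vendor's real format.
SAMPLE_LOG = """\
2022-09-15T22:01:05 employee1 203.0.113.50 denied
2022-09-15T22:01:40 employee1 203.0.113.50 timeout
2022-09-15T22:02:10 employee1 203.0.113.50 denied
2022-09-15T22:03:02 employee1 203.0.113.50 timeout
2022-09-15T22:04:30 employee1 203.0.113.50 approved
2022-09-15T09:00:00 alice 198.51.100.7 timeout
2022-09-15T09:00:45 alice 198.51.100.7 approved
2022-09-15T23:10:00 bob 203.0.113.99 denied
2022-09-15T23:10:30 bob 203.0.113.99 denied
2022-09-15T23:11:00 bob 203.0.113.99 timeout
"""

def detect_push_fatigue(log_text, threshold=3, window=timedelta(minutes=10)):
    """Alert on users with `threshold` or more unapproved pushes inside
    `window`; severity is 'high' when an approval follows the burst."""
    recent = defaultdict(deque)  # user -> timestamps of unapproved pushes
    alerts = {}                  # user -> most recent alert for that user
    # ISO timestamps sort lexicographically, so sorting orders by time.
    events = sorted(l.split() for l in log_text.splitlines() if l.strip())
    for ts_raw, user, ip, outcome in events:
        ts = datetime.fromisoformat(ts_raw)
        q = recent[user]
        while q and ts - q[0] > window:  # drop pushes older than the window
            q.popleft()
        if outcome in ("denied", "timeout"):
            q.append(ts)
            if len(q) >= threshold:
                alerts[user] = {"user": user, "ip": ip, "severity": "medium",
                                "unapproved": len(q), "at": ts_raw}
        elif outcome == "approved":
            if len(q) >= threshold:
                # Approval right after a burst: treat the session as suspect.
                alerts[user] = {"user": user, "ip": ip, "severity": "high",
                                "unapproved": len(q), "at": ts_raw}
            q.clear()
    return sorted(alerts.values(), key=lambda a: a["user"])

if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_LOG):
        print(alert)
```

A single missed prompt followed by an approval, as in the `alice` lines, stays below the threshold and raises no alert.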