Evidently it pays to be good. Anand Prakash, a product security engineer in India discovered a loophole within the Uber app
which allows riders complete rides without making payments.
But how did this loophole in the Uber app work?
Detailing how ride payments could be hacked on the Uber app, Anand who also runs an IT blog said, “When a ride is completed a user can either pay cash or charge it to their credit/debit card…but by specifying an invalid payment method for example: abc, xyz etc, I could ride Uber for free.”
According to Telegraph, Anand stated that, “Attackers could have misused this by taking unlimited free rides from their Uber account.”
Before you rush to try this out, Uber has since fixed this gap and yes, you have to keep paying for rides.
To show if and how it works, Anand requested permission from Uber to complete several rides around the U.S and India. He completed these trips and didn’t pay a dime.
Prakash stated he makes a living out of finding security bugs and by being a part of the Uber security program has until now been awarded $13,500 (£11,000) from Uber in bounty rewards