Hacker Prakash strikes again! Shows how to get free Uber rides

06 Mar 2017

A hacker from Bangalore has uncovered a security loophole in the Uber app, which potentially allows one to get a lifetime of free rides. Yes, you heard it right - never pay Uber for your rides, ever!

Ethical hcker Anand PrakashBut before you get too excited, it should be noted that Uber has now fixed the security flaw.

The hacker, Anand Prakash, has posted a video that shows how anyone could have used the loophole within the Uber app to gain free rides. He mentions that the San Francisco-based transportation company, which has around 528 cities in its portfolio, has a security flaw.

When a user creates an account on the Uber portal, he or she can book rides and pay after completion of the ride, either by credit or debit card or by cash or a wallet. However, when he specified an invalid payment method that he cannot pay from, the Uber app allowed him to ride for free.

Prakash demonstrated the bug after taking permissions from the Uber team. He showed the team how he could ride for free with the flaw in India and in the United States.

He has posted the same details on his blog, but the hack may not be simple for most people as you need to know a little scripting and coding. The security flaw is now fixed by Uber - thanks to the hacker who has saved Uber from a huge potential loss.

Uber's security programme has around 200 researchers onboard who deal with bugs and exploits. The company pays up to $10,000 as award for any critical issues identified and reported to them. Prakash is an ethical hacker and makes a living from finding security bugs. Uber has rewarded Prakash with around $13,500 from its bounty programme.

Prakash is also presently one of the top hackers with Facebook's White Hat bug finding programme. He was the one to find the security flaw with Facebook where one can take over anyone's Facebook account and change its password. He received an award of $15,000 from Facebook.