Just In
- 11 hrs ago Elon Musk’s X Is Launching a TV App Similar to YouTube for Watching Videos
- 12 hrs ago Qualcomm Reveals Snapdragon X Plus Chip for Laptops: 10 Core CPU, On-Device AI, & Much More
- 12 hrs ago Flipkart Teases “Jaw-Dropping” Discount on iPhone 15: All-Time Low Price Anticipated
- 12 hrs ago President Joe Biden Signs Bill to Ban TikTok in the US: Unless This One Condition is Met
Don't Miss
- Movies Pavi Caretaker Box Office Collection Day 1 Prediction: Dileep's Movie Expected To Open Strongly
- Sports Who Won Yesterday's IPL Match 41? SRH vs RCB, IPL 2024 on April 25: Royal Challengers Bangalore End Losing Streak
- Finance Bajaj Group Stock Declares Rs. 60/Share Dividend: Buy Ahead of Record Date On 28 June?
- News MEA Dismisses US Human Rights Report On Manipur As 'Biased And Misinformed'
- Automobiles Royal Enfield Unveils Revolutionary Rentals & Tours Service: Check Out All Details Here
- Education AICTE introduces career portal for 3 million students, offering fully-sponsored trip to Silicon Valley
- Lifestyle Heeramandi Screening: Alia Bhatt, Ananya Panday, Rashmika Mandanna And Others Serve Finest Ethnic Style!
- Travel Escape to Kalimpong, Gangtok, and Darjeeling with IRCTC's Tour Package; Check Itinerary
Uber's security flaw could allow hackers to gain access to user accounts
Uber has not warranted an immediate action or a fix as such.
Uber, the popular ride-hailing app has been the talk of the town for several reasons be it good or bad. While the cab service provider has been trying to balance and maintain its image in the society, now a new report has appeared online stating that Uber has ignored a security flaw in its system. Tech website ZDNet has reported the case and has stated that Uber has missed detecting a security flaw that could allow an attacker to hack into user accounts by bypassing the system's two-factor authentication feature. The flaw was reportedly discovered by a New Delhi-based security researcher.
"Two-factor authentication is a vital part of protecting online accounts that adds a second layer of security on top of your username and password - which can be stolen - by sending a code by text message to your phone which only you would have access to," the publication has said.
While Uber has already placed two-factor authentication on its systems since 2015, "That two-factor code can be bypassed, making the second layer of security protection effectively useless," security researcher Karan Saini was quoted as saying by ZDNet.
After discovering the flaw he had filed a bug report with HackerOne, which administers Uber's bug bounty, but it was in vain. Uber rejected his report stating it as "informative," which further means it contains "useful information". The company has not warranted an immediate action or a fix as such.
Further Uber has reportedly said the security bug "is not a particularly severe" issue. "This is likely an expected behavior," Rob Fletcher, Security Engineering Manager at Uber has said. Uber's spokesperson Melanie Ensign has also issued a statement saying the bug "is not a bypass," and is "likely caused by the security team's ongoing testing to evaluate and refine the effectiveness of different techniques" to secure accounts.
As for the flaw, the security bug basically works it way around the system by exploiting a weakness in how the app authenticates a user when they log in to the platform. By doing so the bug lets the user log in to an account and easily defeat the two-factor prompt, without entering the correct code.
However, Saini is quite concerned and has stated that the bug can be found quite easily and that people with malicious intent could misuse it.
-
99,999
-
1,29,999
-
69,999
-
41,999
-
64,999
-
99,999
-
29,999
-
63,999
-
39,999
-
1,56,900
-
79,900
-
1,39,900
-
1,29,900
-
65,900
-
1,56,900
-
1,30,990
-
76,990
-
16,499
-
30,700
-
12,999
-
11,999
-
16,026
-
14,248
-
14,466
-
26,634
-
18,800
-
62,425
-
1,15,909
-
93,635
-
75,804