Uber's security flaw could allow hackers to gain access to user accounts

Uber has not warranted an immediate action or a fix as such.

|

Uber, the popular ride-hailing app has been the talk of the town for several reasons be it good or bad. While the cab service provider has been trying to balance and maintain its image in the society, now a new report has appeared online stating that Uber has ignored a security flaw in its system. Tech website ZDNet has reported the case and has stated that Uber has missed detecting a security flaw that could allow an attacker to hack into user accounts by bypassing the system's two-factor authentication feature. The flaw was reportedly discovered by a New Delhi-based security researcher.

 
Uber's security flaw can allow hackers to gain access to user accounts

"Two-factor authentication is a vital part of protecting online accounts that adds a second layer of security on top of your username and password - which can be stolen - by sending a code by text message to your phone which only you would have access to," the publication has said.

 

While Uber has already placed two-factor authentication on its systems since 2015, "That two-factor code can be bypassed, making the second layer of security protection effectively useless," security researcher Karan Saini was quoted as saying by ZDNet.

After discovering the flaw he had filed a bug report with HackerOne, which administers Uber's bug bounty, but it was in vain. Uber rejected his report stating it as "informative," which further means it contains "useful information". The company has not warranted an immediate action or a fix as such.

Further Uber has reportedly said the security bug "is not a particularly severe" issue. "This is likely an expected behavior," Rob Fletcher, Security Engineering Manager at Uber has said. Uber's spokesperson Melanie Ensign has also issued a statement saying the bug "is not a bypass," and is "likely caused by the security team's ongoing testing to evaluate and refine the effectiveness of different techniques" to secure accounts.

As for the flaw, the security bug basically works it way around the system by exploiting a weakness in how the app authenticates a user when they log in to the platform. By doing so the bug lets the user log in to an account and easily defeat the two-factor prompt, without entering the correct code.

However, Saini is quite concerned and has stated that the bug can be found quite easily and that people with malicious intent could misuse it.

Best Mobiles in India

Read More About: uber malwares windows news

Best Phones

Get Instant News Updates
Enable
x
Notification Settings X
Time Settings
Done
Clear Notification X
Do you want to clear all the notifications from your inbox?
Yes No
Settings X
X