File illustration picture showing the logo of car-sharing service app Uber on a smartphone next to the picture of an official German taxi sign in Frankfurt, September 15, 2014. A Frankfurt court earlier this month instituted a temporary injunction against Uber from offering car-sharing services across Germany. San Francisco-based Uber, which allows users to summon taxi-like services on their smartphones, offers two main services, Uber, its classic low-cost, limousine pick-up service, and Uberpop, a newer ride-sharing service, which connects private drivers to passengers - an established practice in Germany that nonetheless operates in a legal grey area of rules governing commercial transportation. REUTERS/Kai Pfaffenbach/Files (GERMANY - Tags: BUSINESS EMPLOYMENT CRIME LAW TRANSPORT)

Uber is an American multinational online taxi service company. People made a request on Uber app for a trip , this request then routed to the Uber drivers. Uber drivers have their own car. Uber service is the smartest service that is running in many regions around the world.Uber gives a free ride when some one use Uber app for very first time.If you use Uber App for first time,Uber provides you a Uber Promo Code which is used for a free ride.

Security Researcher Explains How Can He Get Unlimited Uber Free Ride Code?

Mohamed M.Fouad a security researcher from Egypt have found a critical vulnerability. This vulnerability can let any hacker to get unlimited uber free ride code.If you have Brute Force attacking skills, you can also brute force Uber promo code value to get the unlimited uber free ride code.

M.Fouad found this vulnerability that let hackers to “brute force uber promo code” in the sign-up invitation link. People use this sign-up invitation link to invite other peoples to get the free uber rides. ” I have seen that Uber is not using any protection against the brute force attack.This helped me out to find out different promo codes with amount of 500$ to 25,00$ “, Fouad Said.

 

 

 

 

M.Fouad shared a video that shows this brute force attack in full action.

 

M.Fouad Reported This vulnerability That Can Let Any Hacker To Get Unlimited Uber Free Ride Code:

 

As Being a responsible security researcher Fouad reported this vulnerability to the Uber team. Fouad said Uber Team’s reply was most weird,They considered this is out of scope !! and can report to a fraud !! as below :

 

Fouad said i have reported this vulnerability three times to Uber Team but their reply was same. They considered it always Out of scope. He also said that i am not the only security researcher who report this vulnerability. An other security researcher, Ali Kabeel, also reported the same vulnerability but in riders.uber.com/profile URL code customization feature. Ali Kabeel also got the same reply as i got.

NO COMMENTS

LEAVE A REPLY