Uber is offering $10,000 to anyone who can hack them

Uber has launched a Bug Bounty Program that invites hackers from around the world to probe its domains and expose potential security flaws, with a bounty of up to $10,000. The announcement came a few hours ago via an official blog post.

Uber is currently the most talked-about taxi-hailing service in the world. Launched in 2009 in the USA, it is now functional in over 60 countries, including Pakistan. But ever since the launch, Uber has faced allegations from people who claim that its use of unlicensed drivers is unsafe and illegal. Furthermore, Uber had to weather a storm back in 2014 when it suffered a huge security breach in which the details of over 50,000 drivers were compromised. With the new Bug Bounty Program, Uber hopes to fix the security flaws in its systems.

The whole process of hunting bugs and understanding a new system can be very difficult, which is why Uber’s Security Engineering Team has whipped up a treasure map of various services at Uber. This map is essentially a list that includes details on what a service does, what you should be looking for as a hacker and what platforms that service runs on.

The scope of this bug bounty program is limited to the following sites:

  • https://*.uber.com/
  • https://*.dev.uber.com/
  • http://petition.uber.org
  • http://ubermovement.com
  • iPhone Rider Application
  • iPhone Partner Application
  • Android Rider Application
  • Android Partner Application
  • Uber’s Microsites

Uber wants you to expose any flaws that may compromise the security of their users. As such, they are looking for vulnerabilities like Cross-site Scripting (XSS), Cross-site Request Forgery (CSRF), Server-Side Request Forgery (SSRF), SQL Injection and Server-side Remote Code Execution (RCE). There is a long list of specifications of what you should and should not do, which we suggest you go through if you want to partake in this program.

Once you’ve found a bug, Uber developers will remediate it and then it’ll be up to Uber to decide how much bounty to pay you. Here’s a look at how that works:

  • Critical issues ($10,000) – These include vulnerabilities that compromise an employee account, exposure of information that identifies individuals, payment or partner invoice information exposure at scale or potential access to source code.
  • Significant Issues ($5,000) – Stored Cross-site Scripting which can cause significant brand damage, missing authorization checks leading to the exposure of email addresses, date of birth, names, phone numbers.
  • Medium Issues ($3,000) – Reflected Cross-site Scripting (XSS), most Cross-site Request Forgery (CSRF) issues, access control issues which do not expose PII but affect other accounts, rate limiting issues, account validation bypasses and any vulnerability which allows the bulk lookup of user UUIDs.
  • Fraud Issues – If you spot anything fraudulent, send it to ext-uber-fraud@uber.com. This does not come with any reward.

If you’re interested, head over to this link, register yourself and start hacking!

Maryam Dodhy

I love bringing to light stories of extraordinary people working in Pakistan's tech and startup industry. You can reach out to me through maryamdodhy@techjuice.pk.

Published by
Maryam Dodhy