According to this link, https://www.forbes.com/sites/daveywinder/2019/09/12/uber-confirms-account-takeover-vulnerability-found-by-forbes-30-under-30-honoree/#16085ecf9b87, a security vulnerability has been discovered that could allow attackers to compromise and control any Uber account.

  • The vulnerability could be exploited to track a user’s location and take rides from their account via an application programming interface (API) request
  • This involved first acquiring the universally unique identifier (UUID) of any user by sending an API request that included either their telephone number or email address. “Once you have the leaked Uber UUID from the API request,” Prakash said, “you can replay the request using the victim’s Uber UUID and get access to private information like access token (mobile apps), location and address.”
  • The same vulnerability impacted Uber driver accounts and Uber Eats accounts as well
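
The two server-side flaws the bullets describe (a lookup by phone number or email that discloses the account UUID, and a request that trusts a caller-supplied UUID) are shown below beside a hardened form. This is an added example, not Uber's code: the in-memory data, the function names and the `userUuid` field are hypothetical.

```python
# Added illustration: constructed in-memory data, hypothetical names throughout.
ALICE = "11111111-1111-4111-8111-111111111111"
BOB = "22222222-2222-4222-8222-222222222222"
USERS = {  # constructed sample records keyed by user UUID
    ALICE: {"email": "alice@example.com", "token": "tok-alice", "address": "1 Example St"},
    BOB: {"email": "bob@example.com", "token": "tok-bob", "address": "2 Example Ave"},
}
SESSIONS = {"sess-alice": ALICE, "sess-bob": BOB}  # session id -> authenticated UUID


def lookup_vulnerable(email):
    """Flaw 1: the response to a lookup by email discloses the account's UUID."""
    for uuid, rec in USERS.items():
        if rec["email"] == email:
            return {"status": "found", "userUuid": uuid}
    return {"status": "not_found"}


def lookup_hardened(email):
    """Identical response whether or not the account exists; no internal identifier."""
    return {"status": "accepted"}


def profile_vulnerable(session_id, body):
    """Flaw 2: trusts the UUID in the request body, so any session reads any account."""
    if session_id not in SESSIONS:
        return 401, {}
    rec = USERS.get(body.get("userUuid"))
    return (200, dict(rec)) if rec else (404, {})


def profile_hardened(session_id, body):
    """Take the subject from the session; reject a body UUID that differs from it."""
    owner = SESSIONS.get(session_id)
    if owner is None:
        return 401, {}
    if body.get("userUuid", owner) != owner:
        return 403, {}  # worth logging: caller asked for another account's data
    # Credentials such as the access token are never echoed in a profile response.
    return 200, {k: v for k, v in USERS[owner].items() if k != "token"}
```
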

Experts Comments

September 12, 2019
Javvad Malik
Security Awareness Advocate
KnowBe4
Apps are a great way to conveniently interact with users, especially for companies like Uber which rely heavily on phone functions. But because of the way it functions, it gathers location data, payment information, and journey history - which makes it an ideal candidate for all manner of attackers ranging from espionage or spying, to cybercriminals looking to make money. It's important that companies have good security processes, technology and have the right people in place to ensure security is part of the fabric of the company. Merely adopting two out of three people, process and technology is not enough.
