Uber has made a name for itself around the world capturing the imagination of cab owners, confronting other traditional cabbies and unions. That can all be taken care off through conflict resolution and negotiation. However,  the mobile based cab hiring service may be technically susceptible to hacking may be another reason for the team at Uber to worry about.

Customers may not be worrying so much though as they are getting free rides and it costs less anyway than the traditional cabbie. And herein lies the problem for the company (which sources are saying loosing millions of dollars ). How does Uber make sure people do not get the free rides over and over again!

Like most mobile apps that track users for benefits it offers, the Uber app makes use of the unique 15 character IMEI (International Mobile Equipment Identity) number that is available on all mobiles. What Uber may not want to acknowledge or brush under the carpet is that this number can be easily spoofed. All one needs is a rooted Android device and three apps (which are available on Google Play) : the Xposed Framework, CardGen, and IMEI changer.

After installing these apps and restarting the device, users can change the IMEI to a random number.

Generally, the last digit of the IMEI is arrived at using the  Luhn formula. However security researchers have found out that Uber does not check for the validity of the IMEI number as yet.

And even then anyone can get a valid IMEI by going online and locating one. Once this is done, all one has to do is clear the Uber apps data cache and register a new account and use a virtual credit card number which once again Uber does not check the validity.

There you go, locate a Promo Code and claim it for free ride. So though this Uber hacking is theoretically possible and quite well known in security circles, this publication has not tried it and cannot vouch for its practical utility.

And would not advise readers to try it. Though this points out to show how apps pay lip service to security which can affect their bottom line and one wonders if they can be trusted to take seriously other valid concerns of their customers.

Source: Wikipedia.org

About The Author

"Founded in July, 2016, WhackHack.com is a cyber security blog that covers important security issues affecting common users, industry and governments. It aims to create awareness among its readers about malware, hacking, encryption, identity theft, privacy, etc and also offer solutions to protect themselves from such attacks"

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

fifteen + nineteen =