scorecardresearch
Friday, Mar 29, 2024
Advertisement
Premium

Uber ignored bug that allows hackers to bypass two-factor authentication

A New-Delhi based researcher has found a security flaw in Uber's two-factor authentication feature, which can allow hackers to attack an account by bypassing it.

Uber security flaw, Uber two-step authentication, cyber security, hackers, Uber security bug, data privacy, Uber security feature, security protection, verification codes Uber reportedly said the security bug ‘is not a particularly severe’ issue. (File Photo)

Ride-hailing app Uber has reportedly ignored a security flaw – discovered by a New Delhi-based security researcher – that can allow an attacker to hack into user accounts via bypassing its two-factor authentication feature.

“Two-factor authentication is a vital part of protecting online accounts that adds a second layer of security on top of your username and password – which can be be stolen – by sending a code by text message to your phone which only you would have access to,” tech website ZDNet reported late on Sunday.

“That two-factor code can be bypassed, making the second layer of security protection effectively useless,” security researcher Karan Saini was quoted as saying by ZDNet. The security bug works by exploiting a weakness in how the app authenticates a user when they log in to the platform, thereby letting the user log in to an account and easily defeat the two-factor prompt, without entering the correct code.

Uber reportedly said the security bug ‘is not a particularly severe’ issue. “This isn’t a particularly severe report and is likely expected behaviour,” Rob Fletcher, Security Engineering Manager at Uber, said in his correspondence with Saini about the bug report. Uber began testing two-factor authentication on its systems in 2015 but the company has yet to widely push the security feature to its users.


 

First uploaded on: 22-01-2018 at 14:10 IST
Latest Comment
Post Comment
Read Comments
Advertisement
shorts
Maguntas
Political PulseUpdated: March 29, 2024 07:11 IST

Away from the national capital’s courtroom where the case against Chief Minister Arvind Kejriwal is playing out, two key figures embroiled in the excise policy case – four-time MP Magunta Srinivasulu Reddy and his son Raghava Magunta Reddy – are busy campaigning for BJP ally Telugu Desam Party (TDP)

Advertisement
Advertisement
Advertisement
close