A major security hole in Uber’s email system would allow anyone to send emails from the company’s official Uber.com domain.
A major security hole in Uber's email system would allow anyone to send email from the company's official Uber.com domain. Based in San Francisco, California, Uber is one of the largest taxi aggregators, with operations in dozens of countries around the world. The company is said to hold around 69% of the ridesharing market in the United States, with Lyft accounting for the rest.
Like most other tech companies, Uber runs a bug bounty program that pays rewards for vulnerabilities found in the company's software systems. Uber has paid out over $2.8 million in bounties over the years, including $16,000 in the past 90 days, but this particular vulnerability in its email system has yet to be addressed. Uber has already weathered several controversies, and the last thing it needs is to create a new security problem by not taking the email bug seriously.
Several security researchers have reportedly discovered a serious bug in Uber's email system that allows unauthorized people to send emails from the Uber.com domain. The researchers say an exposed endpoint on Uber's servers is the cause of the problem, although the company apparently isn't bothering to fix it. Describing the vulnerability to BleepingComputer, security researcher and bug bounty hunter Seif Elsallamy said the bug is "an HTML injection into one of Uber's mail endpoints", and that messages sent through it pass DKIM and DMARC checks and land in people's inboxes.
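The reason DKIM and DMARC do not stop this class of bug is that they authenticate the sending domain, not the message body: if a legitimate transactional mail endpoint interpolates caller-controlled text into its HTML template without escaping, the injected markup goes out correctly signed. The example below is added here and is not Uber's code or anything from the article; the template, field names and the injected sample value are constructed to illustrate the defect class alongside its fix (HTML-escaping every caller-controlled field and rejecting fields that should never contain markup).

```python
import html
import re

# Constructed stand-in for a transactional email template (assumed shape,
# not any real provider's template). {name} and {amount} are filled from
# caller-supplied request data.
TEMPLATE = "<p>Hi {name}, your receipt total is {amount}.</p>"

# Anything that looks like an HTML tag, a numeric entity, or a script URL
# has no business in a field that should be plain text.
_TAG_RE = re.compile(r"<[^>]+>")


def render_vulnerable(name: str, amount: str) -> str:
    """Interpolates caller-controlled fields straight into the HTML body.

    This is the defect class described in the article: whatever the caller
    puts in `name` becomes part of the signed, DKIM/DMARC-passing email.
    """
    return TEMPLATE.format(name=name, amount=amount)


def render_hardened(name: str, amount: str) -> str:
    """Escapes every caller-controlled field before it reaches the HTML body."""
    return TEMPLATE.format(
        name=html.escape(name, quote=True),
        amount=html.escape(amount, quote=True),
    )


def contains_markup(field: str) -> bool:
    """Server-side check for a field that is supposed to be plain text."""
    lowered = field.lower()
    return (
        bool(_TAG_RE.search(field))
        or "&#" in field
        or "javascript:" in lowered
    )


def validate_fields(**fields: str) -> list[str]:
    """Returns the names of fields that carry markup and should be rejected."""
    return [key for key, value in fields.items() if contains_markup(value)]


# Constructed injected value: closes the greeting paragraph and inserts a
# phishing-style link that the template would otherwise sign and send.
INJECTED_NAME = (
    'Alex</p><a href="https://login.example.invalid">Verify your account</a><p>'
)

if __name__ == "__main__":
    print("vulnerable :", render_vulnerable(INJECTED_NAME, "$12.00"))
    print("hardened   :", render_hardened(INJECTED_NAME, "$12.00"))
    print("rejected   :", validate_fields(name=INJECTED_NAME, amount="$12.00"))
```

Escaping at render time is the minimum fix; rejecting markup at the input boundary with `validate_fields` gives the operator a log signal that someone is probing the endpoint, which is the detection side of the same control.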
Uber willfully ignores the problem
Elsallamy also sent BleepingComputer a proof-of-concept email from the Uber.com domain using SendGrid, an email marketing and customer communications platform, to show how easy it is to abuse the exposed endpoint. However, Elsallamy did not disclose the vulnerable Uber endpoint, as doing so would have created a security issue for the company, its customers and its driver-partners. As of January 3 the vulnerability had still not been patched, and it could allow malicious actors to send phishing emails to Uber users whose email credentials were leaked during a data breach in 2016.
Remarkably, Uber does not seem interested in fixing the vulnerability, although it has been alerted to the problem on several occasions by several researchers. In Elsallamy's case, despite reporting the issue to Uber under its HackerOne bug bounty program, his report was dismissed as "out of scope". The same bug had already been reported by at least two other security researchers, who apparently received similar responses from Uber.
In fact, the issue was first detected in 2015/16, but was dismissed by Uber. It was reported again in March 2021, only to be dismissed again. Now that it is receiving extensive media coverage, it will be interesting to see whether Uber finally gets its act together and plugs this long-standing security hole once and for all.
Source: BleepingComputer