
Uber says its latest security flaw doesn’t “warrant immediate action or a fix”

Uber is no stranger to controversy: it was revealed at the end of last year that the cab firm had covered up a data breach affecting 57 million users by paying a ransom. Now, it seems the company is passing off a security flaw that allows hackers to bypass two-factor authentication as not “particularly severe.”

Two-factor authentication is a security process in which a user must provide a second lot of details after the initial login via username and password. This helps to lock down an account and protect it from outside intruders, while eliminating the need to remember thousands of usernames and passwords.

The new bug was identified by security researcher Karan Saini. The flaw grants access to anyone with the username and password without needing to pass the two-factor authentication process.

Uber seemed less than enthused about the bug being identified, as it replied to Saini’s report on bug bounty platform HackerOne stating that it “did not warrant an immediate action or a fix”. Don’t worry though, the company did find it “informative,” despite doing nothing with said information.

“If it's not a security feature, why even have it? There is no need for a novelty 2FA if it doesn't actually serve a purpose,” Saini said to ZDNet before the publication began putting the bug to the test.

It seems from ZDNet’s results that the bug cannot be exploited all the time, but there’s definitely a window of possibility. This is due to Uber’s machine learning system, which discerns whether or not a login attempt is genuine before triggering a prompt for two-factor authentication. Saini, however, believes that this bug can indeed be exploited regardless of the situation.

The real causes for concern are leaving machine learning to deem whether or not something is suspicious, not giving users the option to always enable two-factor authentication, and Uber’s nonchalant attitude towards what is indeed a security flaw. Those running the Uber app need to be confident in their personal online security if they want to continue using it.

KitGuru Says: Machine learning is a complicated process that usually takes time, and the earlier in the learning process it is, the more security flaws are posed to users. This seems like a bizarre thing to leave in the hands of something so risky, especially when Uber’s reputation has already spiralled out of control.
