Uber's website was hacked to display an ad for rival company Lyft
Epperson was able to hack Uber through a flaw in a new petition it launched to try to convince the local government in San Francisco to allow the company to operate on Market Street.
Uber's petition let Epperson enter the word "zipcode" as his zipcode in the petition form. That's a red flag - online forms should only accept numbers for that field.
Epperson tried entering special characters (things like # and <), and was able to submit them. That's another big problem for an online survey, as allowing special characters to be submitted means that hackers can enter code into websites and take control of them.
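The two checks described above, as an added example that is not Uber's code or part of the original article: a server-side handler that accepts only a numeric zipcode and HTML-escapes free-text input when it is written back into the page. The field names `name` and `zipcode`, the US ZIP format, the length limit and all function names are assumptions.

```python
import html
import re

# US ZIP or ZIP+4. [0-9] rather than \d, which also matches non-ASCII digits.
ZIP_RE = re.compile(r"[0-9]{5}(?:-[0-9]{4})?")
MAX_NAME_LEN = 100  # assumed limit


class InvalidSignature(ValueError):
    """Raised when a submitted field fails validation."""


def validate_signature(form):
    """Return (name, zipcode) from a submitted form dict, or raise."""
    name = (form.get("name") or "").strip()
    zipcode = (form.get("zipcode") or "").strip()
    # Allow-list: the whole value must match, not just a substring.
    if not ZIP_RE.fullmatch(zipcode):
        raise InvalidSignature("zipcode must be 5 digits or ZIP+4")
    if not name or len(name) > MAX_NAME_LEN:
        raise InvalidSignature("name is required (max 100 characters)")
    if any(ord(ch) < 32 for ch in name):
        raise InvalidSignature("name contains control characters")
    return name, zipcode


def render_signature(name, zipcode):
    """Build the list item shown on the page, escaping at output time."""
    # Names legitimately contain characters such as ' so they cannot be
    # allow-listed like a ZIP code; escaping makes them inert in HTML.
    return "<li>{} ({})</li>".format(
        html.escape(name, quote=True), html.escape(zipcode, quote=True)
    )


def handle_submission(form):
    """Return (HTTP status, HTML fragment) for one petition signature."""
    try:
        name, zipcode = validate_signature(form)
    except InvalidSignature as exc:
        return 400, "<p>{}</p>".format(html.escape(str(exc)))
    return 200, render_signature(name, zipcode)


if __name__ == "__main__":
    # Constructed sample submissions, not data from the incident.
    for sample in (
        {"name": "Ada", "zipcode": "zipcode"},
        {"name": "Pat O'Neil <b>", "zipcode": "94103"},
    ):
        print(handle_submission(sample))
```

Validation and escaping do different jobs here: the zipcode check rejects input that cannot be a ZIP code, while escaping at render time keeps any accepted text from being interpreted as markup.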
The security researcher used the flaw in Uber's petition to prank the company. Epperson inserted code into the website that made it display the homepage of Lyft, Uber's biggest rival.
But Epperson didn't stop there. He created a script to automatically enter code, and used different web browsers to enter over 1,000 signatures a minute. He modified the page to make it seem as if Uber was petitioning to turn Market Street in San Francisco into a giant slip & slide.
Epperson discovered after the hack that Uber had copied and pasted the code for its petition from a web tutorial on how to create a "simple" online contact form. This was a serious slip-up by Uber - hackers could have used the vulnerability to enter malicious code that spreads malware, find the personal information of everyone who had signed the petition, or post a scam link on the site.
Uber eventually took down all of its online petitions following the hack, and there's no evidence that any personal data was stolen due to the vulnerability. We reached out to Uber for comment on this story and will update this article if we hear back.