Bugs in ride-hailing app Moovit could have allowed hackers to take free rides


San Francisco, Aug 14 (IANS): A security researcher found serious vulnerabilities in the ride-hailing app Moovit that could have allowed hackers to compromise users’ accounts and their financial information to get free rides.

Omer Attias, a security researcher at SafeBreach, spotted three bugs in Moovit that allowed him to collect new users' registration information from all over the world.

 

The bugs could have allowed him to take over other people’s accounts, and consequently their credit cards, to pay for his own rides, reports TechCrunch.

 

“We can fully impersonate accounts, without disconnecting them. It’s crazy, we actually have the ability to perform all the operations on behalf of different accounts, including ordering train tickets,” Attias was quoted as saying in the report.

 

Attias, in fact, created a custom interface that allowed him to take over other people’s accounts with just a few taps.

 

Moovit is an Israel-based mobility-as-a-service provider and journey planner app. It has been owned by Intel through the Mobileye subsidiary since 2020.

It claims to serve 1.7 billion riders in 3,500 cities across 112 countries.

 

The company, however, said there is no evidence that malicious hackers found and exploited these bugs.

 

“Moovit was aware of and rectifying the issue when it was reported, and took immediate steps to finish correcting the issue,” a company spokesperson was quoted as saying in the report.

 

The vulnerabilities have long since been fixed and no customer action is required, the spokesperson added.

 

In May 2020, Moovit was acquired by Intel for $900 million and has integrated with Mobileye. In October 2022, Moovit was acquired by Mobileye from Intel as part of Mobileye's IPO.

 

 

  
