Cyber security Vulnerability Analysis

Cyber security Vulnerability Analysis

The Cyber security vulnerability analysis being conducted is on Uber Technologies, Inc. which is an American international transportation organization. Uber technologies offers, ride administration hailing, food stuff delivery, distributed, ridesharing and a bike sharing framework[1]. Uber technologies headquarters are located in San Francisco and runs its operations in 785 metropolitan zones internationally. Its platforms can be acquired to through its sites and portable applications.

The uber platform has a projected clientele base of 110million users worldwide with a 69% market valuation in United states in passenger transport and 25% valuation in Food stuff delivery[2]. The company uses a mobile application platform that links the client with the driver and makes the application popular among its users. This is due to the fact the taxi is convenient which makes it stress free for users in a way that they can be able to hail for a taxi at any location and arrive in a short period.

Uber has a competitive rate which makes it less expensive compared to other cab services. With relatively affordable prices and available vehicles at any point in time, clients get accustomed to ordering for cabs for even shorter distances. This makes the platform vulnerable and prone to attacks due its large clientele. Since 2010, the transportation network technology has operated an app (Mobile application) that links the drivers with the consumers who are the riders seeking the services[3].

Riders book delivery services and the transportation services through the publicly version of the mobile application that is downloaded through the mobile devices (smartphones). Drivers use the mobile application to determine which ride requests they will need[4]. Uber acquires a variety of personal information from the transportation providers such as the social security numbers, email addresses, names, driver’s license numbers, postal address, bank account information and the insurance information[5]. On the other hand, the riders offer information such as names, postal addresses and the detailed record of the trip.

Uber security issues such as data breach have been subject international media. For instance, they disclosed that cyber criminals were able to steal personal information related to customer. In 2016, Uber disclosed that hackers had stolen 57 million rider and driver accounts[6]. The hackers were able to steal information such as the email dress, names, ban accounts and phone numbers. They announced that 2.7 million people were affected by the data breach that affected the information of the riders and drivers. Uber was fined $148,000,000 million for the data breach.

The information of the customer is the main target and attractiveness of the hackers to the uber technologies[7]. They hack information from the mobile application in order to money or sell information to other firms. Uber has implemented more stringent security measures and policies that have enhanced its identity verification process for the users to prevent fraud on their network.

Defensive tactics to prevent loss of information and uber attack are effective for the loss of customer data. Uber attackers were able to access both the Uber’s AWS and GitHub remotely. This is likely to compromise the legitimate credentials of the Uber to log into the systems[8]. Through use of the multifactor authentication, they are likely to control remote attack. Other ways through which they can prevent attack is through least privilege where the impact of the account is lowered.

References

Wong, Julia Carrie. “Uber concealed massive hack that exposed data of 57m users and drivers.” The Guardian 22 (2017).

Lee, Sang-Oun. “Hackers on the Highway: Are We Prepared?.” Chicago Policy Review (Online) (2019).

Smith, J. Walker. “The Uber-all economy of the future.” The Independent Review 20, no. 3 (2016): 383-390.

Camp, Garrett, Oscar Salazar, and Travis Kalanick. “System and method for operating a service to arrange transport amongst parties through use of mobile devices.” U.S. Patent 9,959,512, issued May 1, 2018.

Sweeney, M., Barreto, A., Cui, S. and Korsos, L., Uber Technologies Inc, 2015. System and method for optimizing selection of drivers for transport requests. U.S. Patent Application 14/566,148.

Maher, David P., Jack Lacy, Gary Ellison, and Yutaka Nagao. “Trusted connected vehicle systems and methods.” U.S. Patent Application 13/766,432, filed August 15, 2013.

Fransen, Frank, Andre Smulders, and Richard Kerkdijk. “Cyber security information exchange to gain insight into the effects of cyber threats and incidents.” e & i Elektrotechnik und Informationstechnik 132, no. 2 (2015): 106-112.

Takefuji, Yoshiyasu. “Connected vehicle security vulnerabilities [commentary].” IEEE Technology and Society Magazine 37, no. 1 (2018): 15-18.

[1] Smith, J. Walker. “The Uber-all economy of the future.” The Independent Review 20, no. 3 (2016): 383-390.

[2] Sweeney, M., Barreto, A., Cui, S. and Korsos, L., Uber Technologies Inc, 2015. System and method for optimizing selection of drivers for transport requests. U.S. Patent Application 14/566,148.

 

[3] Maher, David P., Jack Lacy, Gary Ellison, and Yutaka Nagao. “Trusted connected vehicle systems and methods.” U.S. Patent Application 13/766,432, filed August 15, 2013.

[4] Camp, Garrett, Oscar Salazar, and Travis Kalanick. “System and method for operating a service to arrange transport amongst parties through use of mobile devices.” U.S. Patent 9,959,512, issued May 1, 2018.

[5] Takefuji, Yoshiyasu. “Connected vehicle security vulnerabilities [commentary].” IEEE Technology and Society Magazine 37, no. 1 (2018): 15-18.

[6] Wong, Julia Carrie. “Uber concealed massive hack that exposed data of 57m users and drivers.” The Guardian 22 (2017).

[7] Lee, Sang-Oun. “Hackers on the Highway: Are We Prepared?.” Chicago Policy Review (Online) (2019).

Smith, J. Walker. “The Uber-all economy of the future.” The Independent Review 20, no. 3 (2016): 383-390.

[8] Fransen, Frank, Andre Smulders, and Richard Kerkdijk. “Cyber security information exchange to gain insight into the effects of cyber threats and incidents.” e & i Elektrotechnik und Informationstechnik 132, no. 2 (2015): 106-112.