Security flaws found in taxi booking apps

Experts of the Russian Quality System ( made a decision that the most popular applications for ordering a taxi can cause the leakage of personal data, such as Bank card information.

Experts tested such programs as "Yandex.Taxi", Uber Russia, Maxim, Gett, City-Mobil, Rutaxi and Fasten. It turned out that almost half of the applications are vulnerable to DDoS attacks which can cause a blocking of the service.

The test showed that there are a number of potential vulnerabilities in applications, for example, weak hashing and encryption algorithms and insecure SSL implementation.

In turn, Taxi services specified that their programs use a secure data transfer protocol, and all information is stored in encrypted form.

According to experts, people should not order a taxi when connected to an open Wi-Fi network or they must install a VPN client on the device.

The idea of taxi applications nowadays is very practical and comfortable, but the quality of services leaves much to be desired. It turns out that in reality companies are not responsible for the qualification of taxi drivers, as well as for its absence when it comes to litigation. It will not be surprising if next time companies will not take the consequences for the leakage of personal data.