Uber's 'Share My ETA' Bug Fix Now Only Gives The World 48 Hours To See Your Journey

Worryingly, One Of Uber's Most Dangerous Features Is STILL Live
|

Uber's feature 'Share My ETA' is a handy way for you to share your journey and real-time location with a friend, relative or just anyone you're planning to meet.

Open Image Modal

The Uber 'Share My ETA' bug has been classed by Uber as 'not a data leak'

It can on the one hand be a force for good, helping those late at night share their journey with a trusted friend. On the other hand, it's so insecure that it turns out almost anyone can Google it.

An update to this security issue however now reduces the time that hackers will have to search for it. Trip information, rather that being permanent, will now expire after 48 hours.

The vulnerability was discovered by ZDnet last week after they realised that by heading to trip.uber.com via Google, Google would pull up a list of related searches, and in turn a list of recent trips.

A person could then look at those trips on Uber's map and see exactly where they were and the journey they were taking.

While on the surface these are simply details pulled through by Google when a person chooses to tweet their 'Share My ETA' information, however ZDnet discovered on closer inspection that within the code were often exact addresses as well.

Uber has reportedly provided a fix, but it's one that seemingly just narrows the window of opportunity for people to search the trips, rather than closing it entirely.

Trip information, rather that being permanent, will now expire after 48 hours, so if say an experienced programmer or hacker wanted to track your trip they would now have a deadline to do it before the information was removed.