I got a lot more attention that I thought I would get for my blog post. Way more than what I’m used to. I want to re-iterate what I found and hopefully clear up any misconceptions.
I found the capabilities for Uber to spy. It doesn’t mean uber is spying. The app can, but it doesn’t.
Imagine a digital watch. Tells time, does what it has to do imagine inside the firmware someone finds functions for sending data about the watch user to a remote server via wifi. The watch itself isn’t sending the data, but has the potential to. This is the same case.
All the people who went apeshit about privacy violations from Uber are right to feel a little uneasy. In the digital age, privacy is becoming harder and harder to maintain with less clear cut lines about what info is public and what is private. It doesn’t mean however that you should stop using Uber. Uber is awesome and convenient. All I found was the potential for wrong doing, not the actual implementation of wrong doing. There’s a difference.
As “james” aka email@example.com pointed out:
This nextweb article completely demolishes the analysis here.
Did I call the app malware? No, you can blame CultOfMac for that. The author points out that no actual spying is done. He does a good job quelling any rumors. Good on him.
Now that that’s out of the way, I can focus on other cooler things. Such as my next writeup entitled “Exploiting residential internet gateways for fun and profit”. Expect that next week.
I hope everyone has safe and pleasant turkey day.