Over the past year, a vulnerability in the popular transportation application Moovit has been exploited by hackers to access free rides. Moovit is a multi-modal transport app that combines data from public transit, ride-share, bike share, and scooter providers, allowing users to easily plan, navigate, and track their trips all from the same app. It’s no wonder why this app is popular among both consumers and cities as it helps to reduce traffic congestion and eliminate unnecessary trips.
Unfortunately, a cybersecurity lapse from within Moovit gave hackers a window of opportunity to exploit the app. By using a combination attack, hackers were able to write malicious code in the app’s check-in system, allowing them to book free trips without payment. While Moovit immediately responded to the exploit and disabled the affected check-in system, users of the app were unaware of the potential for malicious activity and were left vulnerable to such attacks.
The nature of the vulnerability is complicated and goes beyond a technical issue. It is an example of a company failing to have proper security policies and procedures in place, as well as negligent oversight in writing and maintenance code. Even with these security loopholes, it’s important to recognize the way that hackers found and exploited them. Technology may become outdated quickly, but hackers continue to evolve and adapt their strategies to stay one step ahead of companies like Moovit.
Ultimately, the breach is a reminder to both consumers and companies that it’s essential to stay informed about any potential risks associated with using apps, including those related to transportation. It’s essential for companies to have the necessary security measures in place to protect user data and prevent unauthorized access to their applications. Consumers should also take the time to research an app before they start using it and to quickly report any suspicious activity.
Hackings like the one with Moovit serve as an important warning that we all need to remain vigilant when it comes to cyber security and ensure our safety is taken seriously. It’s essential for companies to strengthen existing security measures and continuously update their programs to protect users from malicious activity and maintain their trust.
