Authenticating Uber Rides

Posted by HomeBrewedSec on April 23, 2018

Almost every Uber (or Lyft, or [your rideshare of choice]) driver says your name when you open the door, usually in question form. This irks me as an InfoSec professional, as it doesn't prove anything but the fact that you want to get in the car. Now, you might say, "Who would want to get into an Uber that isn't theirs?" It happens. In fact, I have a friend who drove for Uber and had to call the police on 2 drunk guys who refused to get out of his car. Either way, why would you want to find out?

Being a Friendly Nerd

Partially because it irks me and partially because I have a hard time with silence, I almost always bring this up with my driver. Surprisingly, almost every driver seems to like this information, although I have no idea if they actually implement it.

How to Authenticate

If I were a rideshare driver, here's what I would do. First, don't say the rider's name until they say yours. If they don't offer this voluntarily, casually say something like "Are you waiting for an Uber? Who's your driver?" Second, say "Hi, [name]", because you're not a savage; just don't be the first one to do so. Third (and this would be only if I felt particularly threatened), ask to see the open app with your driver/rider info.

Seriously? Are you that paranoid?

Yes, I am. I don't underestimate people, especially not those I don't know. This is such a simple practice that there's no reason not to. And as a rider, I'll continue suggesting it, because it gives me something to talk about, and like I said, I hate silence.