Some Private Hire Drivers Are Hacking Apps Like Grab To Force Surge Pricing & Fake Their Locations

These days, security issues are more than a real concern. Google is tracking the weird fetishes I have, some random hacker might have placed a malware to spy on me, and seeing my 50-year-old face might mean I’m literally giving data away.

But then, why would anyone want information from a broke ugly dude with an increasingly bulging belly?

Some hackers are targeting Grab & Go-Jek for money, though it would appear that we are still not safe from this as well…

An online community of hacking and modding Grab and similar apps

First found by TNP, there are online communities active on forums and messaging apps spreading the use of modified apps of these Grab-esque apps.

Hacked versions allow drivers to cheat; bypassing verification, faking locations, cancelling jobs without penalty, view private customer information, and cooperate to force surge pricing.

Normally, for Grab drivers to earn S$200 before cost, they would need to work more than 12 hours per day. App abusers can earn more than that with fewer hours.

Hackers are also selling these online to other drivers, where it is found these services are a monthly rate of $350 for the Grab Driver app and $200 for the Go-Jek app.

Some drivers were caught and penalised with warnings and suspensions, but the exact numbers are not revealed by Grab and Go-Jek.

It’s a crime, duh

Unlike hacking your PSP or rooting your Android where doing those only voids your warranty, modifying these apps are fraud and cheating.

But don’t take my word for it; take Mr James Ow Yong from Kalco Law’s.

Cancelling rides or changing locations with the app is an offence under the Computer Misuse Act which fines up to $10,000 and/or jail for up to 3 years.

If doing this causes the operator’s loss exceeding S$10,000 within a year of the offence, there are enhanced penalties of up to $50,000 fines and/or jail for up to 7 years.

Illegally accessing protected data like phone numbers and payment details can get you up to S$5,000 fines and/or jail up to 2 years.

If the information is used to commit an offence, that’s another fine up to S$50,000 and/or up to 10 years jail.

Those selling the app? They can be convicted of abetment or encouraging other people to commit crimes.

Hacking FOR Grab & GO-Jek got money too

Let’s start with the carrot: if you’re a driver-partner under Grab, there’s a US$1,000 (S$1,350) bounty on bootleg app information, under their Fair Play Rewards Programme.

If you’re a hacker? Well, why not use your skills for good instead? Grab has a Bug Bounty Program offering a minimum bounty of S$100. Your efforts will be reviewed on the HackerOne platform where they have paid $369,826 so far.

GO-Jek’s can be found on BugCrowd, and pays $200 to $5,000+ per vulnerability.

In app and website security, things need to be constantly updated, and even so, there are ways to hack them again.

There’s no way to just make a 100% secure system and that’s the end.

So if you’re a hacker? It means every update is a new money-making opportunity.