Exploiting McDonald's APIs to hijack deliveries and order food for a penny


A series of API flaws in McDelivery India made it possible to order food for a penny, hijack other people’s delivery orders, view user information, and more.

API flaws in the McDonald’s McDelivery system in India, one of the world’s most popular food delivery apps, enabled a variety of fun exploits.

What follows is an exciting experience in helping one of the world’s most iconic brands fix security problems before malicious hackers take a bite out of them.

It is also worth noting that a price of 0 did not work because Juspay requires a value greater than 0 for the amount, so it wasn’t possible to order anything for free.
