We haven't been able to take payment
You must update your payment details via My Account or by clicking update payment details to keep your subscription.
Update payment details
Act now to keep your subscription
We've tried to contact you several times as we haven't been able to take payment. You must update your payment details via My Account or by clicking update payment details to keep your subscription.
Update payment details
Your subscription is due to terminate
We've tried to contact you several times as we haven't been able to take payment. You must update your payment details via My Account, otherwise your subscription will terminate.
Update payment details

Accessibility Links

Skip to content
Subscribe

Dublin Bus fixes travel app that mistakenly showed pornography

Brian Mahon
The Times
Cybersecurity experts said it was likely that the app had been hacked as a prank
Cybersecurity experts said it was likely that the app had been hacked as a prank
ALAMY
Brian Mahon
The Times

Dublin Bus has corrected an error on its travel app after users complained that it had displayed pornography.

The service runs a real time travel app which allows commuters to check when a bus is due. The application has had more than one million downloads on the Android app store.

It emerged this week that pornography appeared on the app, on both Android and Apple devices, if a user clicked on the newsletter segment.

Multiple images and videos of naked women and people in sexual positions could be seen on the newsletter section of the app and the website, along with text in what appeared to be Japanese.

A spokeswoman for Dublin Bus said it was “aware of an isolated issue with a section of our app and website which occurred last night”.

Advertisement

She added: “An investigation has taken place and the cause has been identified and resolved. Further work has taken place to mitigate against the risk of a reoccurrence.”

George O’Dowd, managing director at Novi, a cybersecurity firm, said the incident was likely a prank.

“In this case it looks like someone was doing a prank or proving a point that there was weakness in the software,” he said.

He added: “If you are going to have a public-facing app, you should be behind a web application firewall, that provides an added layer of protection.”

Mr O’Dowd said it was common for apps or websites to have security weaknesses and said the issue was not something that was specific to Dublin Bus.

Advertisement

John Killilea, technical director with Commsec, a cybersecurity consultancy, said it looked like the newsletter section of the app was pulling information from somewhere else, not on the app. “The hackers have spotted this and put something in there and it wasn’t checked. That would be my guess,” he said. He agreed with the assessment that it was likely a prank and not a more serious issue.

Last year, the operators of the Luas said that 3,226 people who signed up to the Luas newsletter may have had their records compromised after its website was hacked. No financial information was compromised. Transdev had to take the site offline after a message appeared on its homepage demanding one Bitcoin, which was worth more than €3,000 at the time.