“Yo” Messaging App Gets Hacked Multiple Times

At least 50,000 “Yo” users at risk of having phone numbers exposed

By Ionut Ilascu on June 20th, 2014 10:26 GMT

Messaging app “Yo” has been under a lot of stress lately, as it has been the object of various curious users that tried to make it do something else than just send a Yo message to a contact.

The app, available on both iOS and Android, simply sends a “yo” message, which you don’t even have to type, to a contact in the user’s list; there is no support for video, images, or texts larger than two characters.

TechCrunch was tipped off through an email from a Georgia Tech student, who claims to have broken Yo’s security and gained access to the phone number of any Yo user as well as spam the app users with Yo messages.

Moreover, the student can allegedly send push notifications with a text of his choice. But the cherry on top is that he said he managed to text the founder of the application, who returned a phone call to him.

Yo may seem like a silly mobile application, but it has garnered at least 50,000 users whose phone numbers can land in the hands of cybercriminals, if they find their way into the application.

According to Financial Times, users of the mobile app have yoed a total of four million times, half of that happening in the last month.

Furthermore, the founder raised $1 million (€734,000) from Mr Hogeg’s angel fund to create a solution for low-overhead notifications from any source that presents an interest to the user.

Multiple evidence of “Yo” being insecure occurred lately, as one user posted a Vine with the default sound of the app being changed. Another published on Instagram an image with a notification message on top of the Yo contact list.



Neither of these two hacks has been confirmed yet, but they could be legitimate, considering that founder Or Arbel confirmed to TechCrunch that the program has serious security issues and that “some of the stuff has been fixed and some we are still working on. We are taking this very seriously.”

Arbel also said that the company is currently working with a specialist security team in order to solve the security problems. He did not reveal the flaws that have already been eliminated, though.

Installing “Yo” is a simple thing, although it is a bit more complicated a procedure than actually using the app. As far as permissions are concerned, it uses one or more accounts on the device and the associated profile data.

Some users have already started to remove Yo from their devices as a precaution:

Evidence of "Yo" app being hacked
2 photos
   Evidence of "Yo" app being hacked

Photo Gallery (2 Images)

Gallery Image
01
Gallery Image
02
MORE ON THIS TOPIC
LATEST NEWS
HOT RIGHT NOW

Comments