America's hottest new smartphone app has already been hacked by college kids

Yep, the tech-darling app that raised one million dollars has serious security flaws

Published June 20, 2014 8:15PM (EDT)

    (<a href='http://www.shutterstock.com/gallery-826804p1.html'>rvlsoft</a> via <a href='http://www.shutterstock.com/'>Shutterstock</a>/Salon)
(rvlsoft via Shutterstock/Salon)

A Georgia Tech student and his roommates hacked new communications app Yo. The app, released this week sends push notifications to other app holders simply saying, "Yo." (Founder, Or Arbel, described the app as "context-based communication.")

What does this hack mean? In an email to TechCrunch, the students responsible said:

“We can get any Yo user’s phone number (I actually texted the founder, and he called me back.) We can spoof Yos from any users, and we can spam any user with as many Yos as we want. We could also send any Yo user a push notification with any text we want (though we decided not to do that.)”

Post hack, however, the app spouted a wider range of text. A Vine surfaced of Yo playing bits of Rick Astley's "Never Gonna Give You Up," and an Instagram user posted an image of Yo sending Doge-like text, rather than the customary "Yo."

Yo confirmed to TechCruch that they had in fact been hacked, and that the company brought in a security team to resolve the problems. “Some of the stuff has been fixed and some we are still working on," Or told TechCrunch. "We are taking this very seriously.”

More unsettling than weird messages (or Rick Astley, for that matter), is the fact that these college students were able to get user phone numbers. It is disconcerting how an app that has so much buzz, so many users, Silicon Valley praise -- not to mention funding -- also has such huge security flaws. And there's quite a bit of chat going on at #YoBeenHacked:

[embedtweet id="480018865699971072"]

[embedtweet id="480051881264562176"]

[embedtweet id="479988504605511680"]

[embedtweet id="480058854374649856"]

The app, which apparently only took eight hours to build, has around 450,000 users and raised over one million in funding.

So, how do you delete Yo if you're wary of the hack? According to the Washington Post, even if users remove the app, Yo will still have your personal information. Email contact@justyo.co to be removed.

h/t TechCrunch, Washington Post


By Sarah Gray

Sarah Gray is an assistant editor at Salon, focusing on innovation. Follow @sarahhhgray or email sgray@salon.com.

MORE FROM Sarah Gray


Related Topics ------------------------------------------

App Georgia Tech Hacked Smartphone Technology Yo #yobeenhacked