‘Yo’ hacked by college students exposing users’ phone numbers


According to recent reports, a Georgia Tech student and his roommates have supposedly hacked Yo — the “context-based” messaging platform — and are able to access any user’s phone number, spam users with infinite Yo messages, and do some other not-so-great things with the app.

Details of the security flaws were emailed to TechCrunch by the hackers, who seem to be hacking the app simply to expose its vulnerabilities rather than truly do anything nefarious with the app. In addition to having access to users’ phone numbers, they’re seemingly able to spoof Yo messages from any user, as well as send Yo users push notifications with altered text.

“We can get any Yo user’s phone number (I actually texted the founder, and he called me back). We can spoof Yo’s from any users, and we can spam any user with as many Yo. We could also send any Yo user a push notification with any text we want (though we decided not to do that).”

Also, one user managed to grab the “ElonMusk” username when the app was launched, is holding it for ransom, and seemingly did a good job of tricking the internet into thinking they were the real deal. They are, of course, willing to give it up, but are asking the real Elon Musk for a Tesla Model S in exchange.

Some other users are also able to break the app in some not-so-harmful ways, with one Vine user replacing the app’s default notification sound with Rick Astley’s “Never Gonna Give You Up.”

The developers have confirmed that there are indeed security flaws in the app, and had this to say when questioned by TechCrunch: “Some of the stuff has been fixed and some we are still working on. We are taking this very seriously.” The developers can’t confirm which hacks have been patched and which are still live.

In other news, well-known American comedian Stephen Colbert aired some great thoughts on the app last night:

Are you sick of this pointless app yet? We are.