You might have read about the Yo app over the last few days, the ridiculously simple messenger that sends just one word – yo. That’s it. It’s somehow landed $1 million in angel funding and its users are growing. That means its vulnerabilities are coming into focus.
Revealed by TechCrunch, a student at Georgia Tech said he was able to hack the app and retrieve user phone numbers.
“We can get any Yo user’s phone number (I actually texted the founder, and he called me back). We can spoof Yo’s from any users, and we can spam any user with as many Yo. We could also send any Yo user a push notification with any text we want (though we decided not to do that).”
Since the TechCrunch reports surfaced, the app’s CEO Or Arbel has confirmed the hack, though did not say whether the hacks were ongoing or if a patch had been made.
“Some of the stuff has been fixed and some we are still working on. We are taking this very seriously,” he said, adding that they hope the problems will be fixed in the next few hours.
The Yo app has been getting serious press this week for its novelty where users simply send messages saying “yo” to one another. Or Arbel has spoken about its potential for marketing, already trying to take advantage of the World Cup.