Yo App Hacked: What Data Can Hackers Access?

The Yo App might be the simplest app we’ve heard of to date: it’s just an app that lets you say “yo” to your friends. At that level of simplicity, it might seem that the news that the app has been hacked is of no particular concern, since it isn’t carrying photos, bank information, or anything else private. A person can hardly get too worked up about a hacker knowing who one says “yo” to.

Unfortunately, it’s not quite that simple after all.

TechCrunch announced yesterday that a group of three Georgia Tech students claimed to have hacked the Yo App, and as new data emerges, the claims appear to be validated. The creator of the app said that some of the problems have been fixed, while other security concerns still exist.

The app, which Business Insider says was created in less than 8 hours and does nothing but send the word “yo,” spoken in a robotic voice, from one mobile phone to another, has boomed in popularity, with thousands of users sending millions of “yo” messages.

Part of the risk, however, comes from a common consumer assumption that all an app does is also all it can do. Consider the list of permissions that many apps request upon download — you may have seen an app that is “just a flashlight” ask for access to your texts and calls, or a game ask for access to your camera, and wondered why a simple app needs all that data.

In an e-mail to TechCrunch, the college hackers outline some of the other things they’ve been able to do since hacking the app:

“We can get any Yo user’s phone number (I actually texted the founder, and he called me back.) We can spoof Yos from any users, and we can spam any user with as many Yos as we want. We could also send any Yo user a push notification with any text we want (though we decided not to do that.)”

That’s not all. It seems it’s also possible to spoof accounts, with one user having grabbed the name of Tesla Motors CEO Elon Musk. He says he’s fooled people into thinking he was the real Elon Musk, and that he’ll turn over the screen name in return for a Tesla.

There’s also an Instagram photo that purports to show the evidence of one user’s phone being hacked through the Yo App:

Yo App founder Or Arbel wouldn’t tell TechCrunch which security concerns have been resolved and which are still problems, explaining that detailing these might give other hackers additional information they could use for further intrusions.

[Photo Credit: Twitter]