Yo, the greatest monosyllabic thing to happen to apps, is reportedly riddled with security holes. The app, which does nothing but send messages containing the word “Yo” (or “YoYo” with a double tap) to contacts, was hacked by a Georgia Tech student and his roommates. In an email to TechCrunch, the unnamed hacker claims that he can get any phone number in the Yo user database and spam any user with as many Yos as he wants.
“We can get any Yo user’s phone number (I actually texted the founder, and he called me back). We can spoof Yos from any user, and we can spam any user with as many Yos (as we want). We could also send any Yo user a push notification with any text we want (though we decided not to do that),” the student said.
Meanwhile, a different vulnerability has been exposed by a Vine user called Hako. In a post captioned “I think I broke Yo,” the app’s normal “Yo” user alert sound has been replaced with the intro riff for Rick Astley’s “Never Gonna Give You Up.”
Or Arbel, the founder of Yo, has confirmed the vulnerabilities, saying that the app was “having security issues.”
“Some of the stuff has been fixed and some we are still working on. We are taking this very seriously,” he told TechCrunch.
The Yo app has been in circulation since April. It gained widespread attention earlier this week, when it was revealed that it was able to raise $1 million in funding. Currently, it is the fifth most popular free app in the App Store charts.
