June 22, 2014

Yo App Gets Hacked

Alan McStravick for redOrbit.com – Your Universe Online

Released just a month ago, the weirdly popular app that allows users to send the word “Yo” to friends in their contact list has been taking the world by storm. The app is simple, not only in its messaging but also, apparently, in its design, as the app was successfully hacked by a small group in a ridiculously short amount of time Thursday night.

The hack was able to completely overrun the program, allowing the hackers to spam users of the application and even spoof other users. That is, until the developer of the app, Or Arbel, discovered and fixed the exposed vulnerability.

According to reporting by CNN, the perpetrator of the hack, Chintan Parikh, was able to hack the application in about an hour's time on Thursday night.

“We were actually just messing around,” explained Parikh, 19, a student at the Georgia Institute of Technology. In the process of exposing the app’s vulnerabilities, Parikh and friends figured out how to get into the phone numbers of those who had downloaded the app, as well as being able to view their contacts.

Parikh, who had also effectively hacked the social hookup site Tinder last year, described the required skill level as specialized, though not necessarily difficult. After hacking Yo, Parikh detailed the issues with the application in an email to Arbel, showing his exposure was not intended as an attack on the application.

Once notified of the issue, Arbel explained he addressed it promptly. However, he conceded other vulnerabilities with the app that he created two months ago in just eight hours still exist.

"Some of them have been fixed, and we're working on every one," Arbel said. Of course, he opted not to elaborate on other known vulnerabilities, as he didn't want to give other opportunistic hackers too much information.

Before this most recent hack, the app gained even more attention thanks to Comedy Central's Stephen Colbert devoting an entire segment to its new popularity and a widely publicized hack was broadcast in a Vine video, showing the user's phone playing Rick Astley's “Never Gonna Give You Up” instead of the app's standard “Yo.”

Arbel responded to the Vine hack, explaining he wasn't aware of it, but that he believed it was most likely only done to the user's own phone and couldn't be done to other users’ phones remotely.

While the recent hacks have likely made users of the app uneasy, Arbel claims there is little danger to those who have downloaded it. Venture capitalists seem to have agreed with the general safety of the app, as it recently secured $1 million in funding.

"Users are concerned, and we understand that they're concerned," he said.

Despite the very public hacks of the YO app, it managed to ascend from the sixth to the third most-downloaded app in the iTunes store.