Printed from http://www.electronista.com

Minimal messaging app of the moment Yo hacked by college students

updated 03:50 pm EDT, Sun June 22, 2014

Georgia Tech students hack single phrase messaging service, help team fix issues

The new messaging app of the moment Yo, which sends out only the phrase "Yo" to contacts, was hacked last Thursday by a group of students allegedly from Georgia Tech, according to TechCrunch. The hack allowed the students to spam users of the messaging program, as well as send push notifications with custom text. Yo confirmed through Twitter that it was working on security issues that had been brought to the team's attention.




The messaging app, which is currently listed as the sixth most popular free iPhone app, was alerted to the hack after one of the students reached out to founder Or Arbel. Arbel confirmed that the app was having security issues, but didn't give details on the hack at the time. The Yo founder outlined the events leading up to the fix on his blog.

After receiving a text message asking if he was the founder, Arbel was spammed with "Yo" messages and issued a push notification that the app had been hacked. The Yo team went to work in an attempt to find out what had happened, closing one hole before another was addressed. During the course of the fix, the hackers emailed Arbel the details of the hack, and provided help.

The larger problem was that the database had open access from the app. This meant that anyone could read what user information was stored. However, a team came together to solve the problem, to which the hackers verified was fixed. One of the hackers is now working with the team to improve the Yo experience.

In the blog post, Arbel also highlighted one of the features of the Yo app. Since it works on such a minimum level, no information other than a user name and associated phone number were exposed as a result of the open database. The application asks for no personal information, and the information it does access from an address book Arbel says isn't stored in a database.

If a phone number was never used to find friends, only the username was exposed. However, the hack wasn't totally free of an information leak, leaving it to face similar problems applications like Snapchat have had.

Arbel admits that the app "exploded a little too soon." Before the hack, the team was working on "re-writing the infrastructure in a proper and secure way, as suitable for production-grade apps."

Yo rose through the ranks of apps based on it being a simple messaging platform. It doesn't hurt that the company received $1 million in funding from investors associated with Moshe Hogeg, according to Think Progress. Last week, Yo announced that it had seen 3.7 million messages sent in a single day. Venture capitalist Marc Andreessen thinks that a simple messaging platform like Yo has its place in a world of one-bit communication, but it may not be the next $100 billion social media phenomenon.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

  1. msuper69

    Professional Poster

    Joined: 01-16-00

    Why did Apple even allow this fart-like app into the App Store?

  1. jreades

    Junior Member

    Joined: 02-02-99

    I am, apparently, way too old to understand why anyone would want this app.

    Yo, because FB pokes[1] are too much effort.

    [1] Didn't get those either.

  1. hayesk

    Professional Poster

    Joined: 09-17-99

    msuper69, the only reason they shouldn't have allowed it on the store would be because of its poor security.

    jreades, can you imagine a scenario where one spouse says to another "call me when you leave work and I'll start dinner" or similar. The content of the message is irrelevant. And the spouse leaving work doesn't remember to call until she's already on the road. This app lets you do it very quickly and easily - much safer than a call or text message. I can think of other scenarios where you just need to send a quick message. Sometimes it's just the sending of the message that matters more than what it says.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

ActvContent Sync Smartband

Smartbands of all sorts are hitting the market. Some build on the buzz around fitness trackers, while others offer simpler features fo ...

RocketStor 6324L Thunderbolt 2 eSATA bridge

Like it or not, the shift to Thunderbolt is underway. The connection is extremely flexible, allowing for video and data to co-habitate ...

Patriot Stellar Boost XT 64GB USB 3.0 drive

A vast selection of USB memory sticks means that consumers can often find exactly the size drive they need in a configuration that can ...

Sponsor

toggle

Most Commented

 
toggle

Popular News