Yo. Don’t understand? Here’s a clarification: Yo. Still don’t read me? Well, here’s the expanded version. Yo is an app that launched on both iOS and Android recently, and it’s been hacked. The app is centered on simple communication, using only a single tap to send a message, namely (and only) ‘Yo’ to a friend with the app. The developer and founder of Yo, Or Arbel, has quite a future for his little app, with a million dollars in venture funding already, so developments should be followed. The hacking though, that’s not good, as per usual.
The app was reportedly hacked at 3 a.m. Eastern Time. The group behind the hack attack? A college student in the United States. The founder, Or Ardel, contacted the students, and with their help, worked out security fixes for all the vulnerabilities, as well as work with the students along with Parse Security to permanently fix the security risks and issues with Yo. One of the students, Isaiah Turner, posted to Facebook shared it via Twitter, letting the Internet know his rationale, and the outcome of the hacking:
“For my non hacker Facebook friends who are now scared I am going to hack them. Yes, I did “hack” the Yo app at approximately 3am EST last night. However, I do not necessarily regret it. The app was going to be hacked by someone, it was insanely insecure. About 15 minutes after posting a message in the Yo app to display “Tweet ‪#‎YoBeenHacked” I received a call from an international number, I answered. Or, the Founder, CEO, and only developer behind Yo was on the phone. He asked me to explain some of the security flaws and to help him fix them. We, as well as a friend, Chris, talked to him for about an hour.
Hacking Yo does not mean I am a bad person or that I am going to (or even capable of) having your Facebook/Email/Twitter/etc. Although I may have gone too far by telling people to Tweet and therefore actually exploiting the vulnerability, if I had not done that Or if the CEO would not have called me then the most important security flaws would not have been fixed.
As he informed me, he is meeting with the Parse security team to fix everything today. Apparently this meeting had already been scheduled. It is not Yo’s fault for being insecure. The app was intended more as a “prototype” according to Or and had it not blown up so fast, security would not have been an issue. Oh, we were also offered jobs.”
Yo is currently the number 3 app on the App Store which leads me to the conclusion, bad press is good press. Turner, to show that the app had in fact been hacked, played a snippet of a popular song (Never Gonna Give You Up, by Rick Astley) for showing that someone has been punked or messed with instead of the normal Yo notification. The screen also displayed a message reading “wow. much 1337. such bad security. I hacked Yo. Use hastag #YoBeenHacked to talk about it”. And talk about it people have since then. During the conversation with the developer, the reason, not the rationale, for the insecurities came out. Arbel admitted that the app was not really a full-fledged app, expecting it to be less popular than it was, but the virility of the apps popularity over the last few days took him, the app, and the security of it by storm. The holes and flaws in the security have been fixed, and will likely come in the form of either an update to the app on users’ devices or a server-side upgrade or update. Just goes to show how hacking can improve security in some cases.