Yo hack spills users' phone numbers

Single-function messaging app Yo may have seemed like a gimmick – albeit one raising $1m in funding – but it's also got an unpleasant security sting in its tail, with hackers claiming to be able to extract phone numbers of users. Yo arrived to mixed confusion and enthusiasm earlier this week, intended to do one thing in sending a "Yo" message to a contact.

Cooking the app up took just eight hours, the developer has boasted, but while the premise seems simple, the new company has ambitious plans for it. Anywhere people might want to get the attention of someone else – such as the bartender in a bar, or a flight attendant on a plane – is a possible venue for future Yo deployment, it's suggested.

Unfortunately, it now seems that speedy development time meant some security loopholes were missed. Yo founder Or Arbel confirmed to TechCrunch that the app experienced "security issues" but insisted that some had been addressed. Others were still a work-in-progress.

The hack is the handiwork of a group of Georgia Tech students, who have supposedly demonstrated that they can pull any Yo user's phone number from the service. The unnamed group actually contacted Arbel using his own cellphone number, extracted from Yo.

Meanwhile, the exploit also allows the team to spoof Yo messages – making them look like they come from other users – as well as send huge quantities of spam Yo. Using the app's framework to send push notifications to a phone with any text is also possible.

Whether the security goofs will turn users – and potential future Yo investors and business adoptees – off the app remains to be seen, with Arbel insisting that a full fix is just hours out.

VIA TechCrunch