Maybe it's because summer is almost here, or maybe it's because the Amazon Fire phone did not blow anyone's mind this week, but Yo has officially blown up. The App, which through the right lens could almost be considered tech industry self-parody, works like this: You and your friends sign up, and then with a click of the button trade one singular message. "Yo." And that's it. It's reportedly raised $1 million in funding, and it's already cracked the top five apps in Apple's App Store.
Here's the other way Yo has blown up: it has also had its security flaws exposed. Three students told TechCrunch today that they were able to mine the app for user phone numbers. Other developers seem to have backed that up, also saying that Yo can allow non "yo" messages to be sent.
But hold on. If this sounds truly scary to you, then you might need a reality check. Security flaws in popular apps are a serious issue, no question. But..."major security flaws" ? Ehhh. Just remember: getting random people's phone numbers and sending people messages that don't consist of the word "yo" is something you can do with a phone book. Any 7th grader with a taste for prank calls knows that.
I asked one of our Marketplace Tech regulars, Chester Wisniewski of Sophos, to characterize just how big of a deal the yo hack was, and he quoted the Bard. "Much ado about nothing." What Wisniewski did say was that Yo's security flaws are demonstrative of a larger problem: the low barrier to entry in the app universe for thrown-together software that doesn't have proper security. That's a bigger challenge for the app world, and Yo is a pretty low-priority example.
So until this particular issue turns into something more serious--like access to your credit card data, or delivering your phone a virus--remember that like apps, not all "hacks" are created equal. Anyone still worried about this should look at the app permissions screen:
This narrative can change of course, but it's not time to go Chicken Little on Yo just yet. If you want to see a list of app/web hacks that you should pay more attention to, look below:
6 notable tech hacks
The social media managing program briefly shut down after a "security issue" which caused bizarre tweets to show up in users' feeds. Twitter user @Firoxl, who uncovered the issue, later tweeted to CNN that his discovery "was some sort of accident."
A group called KDMS Team took credit for defacing the website of the popular messaging app. The group left a message that simply appeared to raise awareness about Palestine, saying "Palestinian people has [sic] the right to live in peace." WhatsApp said in a statement that "no user data was lost or compromised" while their website had been hijacked.
Though the security breach only appeared to affect one unlucky user, Spotify decided it wasn't taking any chances. It pushed out a new version of the app to Android users that prompted users to uninstall the previous version, and asked users to re-enter their login details. As for the one user who was hacked, the company blog said "this did not include any password, financial or payment information."
Pinterest couldn't catch a break--it was hacked twice in the span of four months. The first time, users reported spam images of women in underwear, usually accompanying a weight loss spam message. The second time around, users' feeds were littered with messages advertising a strange Asian fruit purported to burn fat. Pinterest put affected accounts into safe mode, and encouraged its users to use "unique and strong passwords" to prevent another episode.
2014 got off to an auspicious start for Skype when it became the latest victim of a hack attack from the Syrian Electronic Army. Skype's Twitter and Facebook pages, along with its company blog, were hijacked with identical messages calling for an end to government spying. The messages were quickly removed, and Skype tweeted the following day that no user information had been compromised.
Out of all the hacks on this list, Snapchat probably got hit the worst. Early in January 2014, hackers exploited a security flaw in the app's "Find Friends" function that was used to download the usernames and phone numbers for 4.6 million accounts and later posted the data online. Though the company had previously acknowledged that this was possible, they later released an updated version of the app that came with an option to opt out of Find Friends.