Professional networking giant LinkedIn is drawing heavy criticism over privacy and security lapses in its new LinkedIn Intro offering, which is being described as the equivalent of a Man-in-the-Middle (MitM) attack.
The feature is intended to let iPhone users access background information on contacts by routing their emails through the proxy service, but security experts warn that the system is a threat to personal privacy and potentially a serious concern for enterprise network security.
“Once you install the Intro app, all of your emails, both sent and received, are transmitted via LinkedIn’s servers. LinkedIn is forcing all your IMAP and SMTP data through their own servers and then analyzing and scraping your emails for data pertaining to… whatever they feel like,” said Bishop Fox.
“But that sounds like a man-in-the-middle attack! I hear you cry. Yes. Yes it does. Because it is. That’s exactly what it is. And this is a bad thing. If your employees are checking their company email, it’s an especially bad thing,” Bishop continued, pointing out that encryption would likely be broken in the process.
Others contend LinkedIn’s record on security matters is less than stellar, citing the loss of over six million users, and the mining of sensitive data from the iOS calendars of some of its members.