25 October 2013

Bishop Fox: “LinkedIn ‘Intro’duces Insecurity”

LinkedIn released a new product today called Intro.  They call it “doing the impossible”, but some might call it “hijacking email”.  Why do we say this?  Consider the following:

Intro reconfigures your iOS device (e.g. iPhone, iPad) so that all of your emails go through LinkedIn’s servers. You read that right. Once you install the Intro app, all of your emails, both sent and received, are transmitted via LinkedIn’s servers. LinkedIn is forcing all your IMAP and SMTP data through their own servers and then analyzing and scraping your emails for data pertaining to… whatever they feel like.

Bishop Fox

Redirecting private, sensitive, confidential information through another third party. What could possibly go wrong?
