Printed from http://www.electronista.com

LinkedIn iPhone app transmits unsecured iCal data home

updated 10:54 am EDT, Wed June 6, 2012

Plain text data transfer in LinkedIn seen as security risk

Security researchers have found that a feature in the LinkedIn mobile app for iOS could be considered a security risk. Yair Amit and Adi Sharabani of Skycure Security found that, although it's an opt-in feature, it gathers and sends information back to LinkedIn when users access their calendar within the app. The insecurity is magnified by the data being transferred in plain text, including meeting details and other information that could be highly sensitive in nature.

The LinkedIn app allows users the option to access their iOS calendars to help with planning meetings and scheduling. It does not mention anything about the information being collected and transferred to LinkedIn's servers, which may be seen as a violation of Apple's privacy guidelines. The amount of information being collected and transmitted also appears to be far higher than what is required by the app, with the firm's blog advising that the implementation required unique identifiers for individuals at the meeting and not information such as locations, titles, notes, and other potentially sensitive corporate details. The issues with data collection is further compounded by the fact that it is transferred as plain text, with no data obfuscation or encryption applied.

The researchers for Skycure Security will be presenting their findings later today at the Yuval Ne'eman workshop annual international conference about cyber security at Tel Aviv University. LinkedIn has updated their company blog, claiming that they do not store calendar information on their servers, and that they don't use the data for any purpose "other than that of matching it with relevant LinkedIn profiles."

Path had a similar issue with collecting user contact lists in its own iOS app, which it then stopped and purged. Apple itself is in a lawsuit concerning location data being collected to optimize device connectivity even after opting out, with a judge allowing the case to proceed despite the fact that data was stored locally and not actually transmitted elsewhere.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

  1. WiseWeasel

    Junior Member

    Joined: Apr 1999

    +3

    It Gets Worse

    LinkedIn had at least 6.5M of their user passwords compromised. If you have a LinkedIn account, now is the time to change your password, along with any sites you may have used the same password for:

    http://www.dagensit.no/article2411857.ece
    http://news.ycombinator.com/item?id=4073309

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Sound Blaster Roar Bluetooth speaker

There could very well be a new king of the hill for Bluetooth speakers, with Sound Blaster's recent entry into the marketplace. Bringi ...

Kenu Airframe Plus

Simple, stylish and effective, the Kenu Airframe + portable car mount is the latest addition to Kenu's lineup. Released earlier this y ...

Plantronics Rig Surround 7.1 headset

Trying to capture the true soundscape of video games can be a daunting task. Looking to surround-sound home theater options, users hav ...

Sponsor

toggle

Most Commented

 
toggle

Popular News