Printed from http://www.electronista.com

LinkedIn iPhone app transmits unsecured iCal data home

updated 10:54 am EDT, Wed June 6, 2012

Plain text data transfer in LinkedIn seen as security risk

Security researchers have found that a feature in the LinkedIn mobile app for iOS could be considered a security risk. Yair Amit and Adi Sharabani of Skycure Security found that, although it's an opt-in feature, it gathers and sends information back to LinkedIn when users access their calendar within the app. The insecurity is magnified by the data being transferred in plain text, including meeting details and other information that could be highly sensitive in nature.

The LinkedIn app allows users the option to access their iOS calendars to help with planning meetings and scheduling. It does not mention anything about the information being collected and transferred to LinkedIn's servers, which may be seen as a violation of Apple's privacy guidelines. The amount of information being collected and transmitted also appears to be far higher than what is required by the app, with the firm's blog advising that the implementation required unique identifiers for individuals at the meeting and not information such as locations, titles, notes, and other potentially sensitive corporate details. The issue with data collection is further compounded by the fact that the data is transferred as plain text, with no data obfuscation or encryption applied.

The researchers for Skycure Security will be presenting their findings later today at the Yuval Ne'eman workshop annual international conference about cyber security at Tel Aviv University. LinkedIn has updated their company blog, claiming that they do not store calendar information on their servers, and that they don't use the data for any purpose "other than that of matching it with relevant LinkedIn profiles."

Path had a similar issue with collecting user contact lists in its own iOS app, which it then stopped and purged. Apple itself is in a lawsuit concerning location data being collected to optimize device connectivity even after opting out, with a judge allowing the case to proceed despite the fact that data was stored locally and not actually transmitted elsewhere.



By Electronista Staff

Comments

  1. WiseWeasel

    Junior Member

    Joined: Apr 1999

    +3

    It Gets Worse

    LinkedIn had at least 6.5M of their user passwords compromised. If you have a LinkedIn account, now is the time to change your password, along with any sites you may have used the same password for:

    http://www.dagensit.no/article2411857.ece
    http://news.ycombinator.com/item?id=4073309
