LinkedIn’s new Intro service has put up a big sign advertising to cyber criminals, nation states and others ‘hack here, we’ve got loads of juicy data’. The architecture of its new service is innovative but compromises your security and privacy in ways you really should care about. Oh, and whilst I am at it, I’ll have a dig at Apple for putting LinkedIn in this position in the first place. So how does it work?
The new service proudly announced on the LinkedIn blog integrates with the Apple iOS native mail application to provide integrated details about the contact you are conversing with. Neat idea. What is interesting however is that LinkedIn has succeeded in integrating into the native Apple Mail application, an impressive feat of engineering given how intensely Apple restricts its applications and operating system ecosystem (more on the pros and cons of that later). In short, the application works by re-configuring your e-mail to proxy through LinkedIn servers so that as your e-mail passes through they can inject (inject sounds bad I know, but hold on and you will see how bad it is) a fancy banner at the top that looks like it has been integrated with the application natively. This extremely pretty band provides more contact information if you have that person in your network. I’ve got to admit I’m impressed by the ingenuity of the approach. That said, I also think it’s catastrophically silly.
In order to get some convenient contact information in the application you have to allow LinkedIn servers to act as a man in the middle for your e-mail. In other words their servers sit in between you and your normal e-mail systems to provide the feature. Naturally, the company has outlined how they won’t access this information and will respect your privacy but even if this holds true I can’t help but feel concerned when a company which has been guilty of mass password losses and implicated in a class action about e-mail hacking (it is far from clear if they are actually guilty of these practices, but interesting nonetheless) hosts a service like this. The trustworthiness of LinkedIn aside, the more concerning issue is that the LinkedIn Intro service works just like a MITM (man in the middle) attack that attackers would use within a network to intercept content they shouldn’t be able to see. If attackers compromised the LinkedIn Intro servers they would have access to a wide variety of users’ e-mail and could conduct activities ranging from credential harvesting and content manipulation to delivery of malicious code or targeted scams. Gulp. I know from experience that many readers at this point will be thinking “it’s just my personal e-mail, there is nothing interesting in there” but ask yourself how many sites and services you have registered to that address, and where all your password resets, invoices and other useful information go. Your account is often the key to unlock most of your online life.
Of course, given the LinkedIn use case it is quite possible the e-mail accounts integrated could be corporate mail systems. LinkedIn also updated its announcement stating that the communications between you and their servers, and between their servers and your e-mail provider, are encrypted. Good stuff, however if the encryption is broken at a halfway point to do the injection of Intro this makes it again a brilliant target for attackers who can avoid doing all that hard work breaking encryption — we all know people who would be interested in that. So whether you trust LinkedIn or not this service makes a big single point of attack with huge pay off for an attacker.
This kind of security and policy issue is here to stay and we need to learn to deal with it. As we move more to cloud services we will see many more instances of these kinds of problems; cloud services are designed to use a shared infrastructure to host large volumes of data across multiple customers to create better solutions, community intelligence and reduce infrastructure costs. Or in other words create really big infrastructures which loads of people use and contain lots of juicy data. I’m absolutely not advocating we just run away from cloud services, but we need to recognize that not all services are created equal, that LinkedIn has a track record of some issues that need to be solved and that before adopting a service you should be clear on the level of risk you are exposed to if it goes wrong. Before we all vilify LinkedIn alone we need to remember that there are a large number of services online where users ‘connect’ their e-mail or calendar for convenience features. Unfortunately in many instances these connections are not restricted to specific information and may provide any number of untrusted parties with an unexpected backdoor to your online life. We all need to watch this area extremely carefully as it evolves over the coming years.
One last thought. LinkedIn had to get really creative to introduce such functionality given Apple’s restrictive ecosystem. I’m 99% sure this was not LinkedIn’s preferred implementation — it just can’t have been. If this functionality is important and desired (and that is an if, given it is unclear how many people will care yet) wouldn’t allowing the integration in a secure, functional way that doesn’t put users at such risk be a good thing?
Generally speaking the Apple walled garden model which aggressively restricts development flexibility on its platform has kept it safer from malicious code than the likes of Android (which has several hundred thousand pieces of malicious code out in circulation). In this instance perhaps the level of inflexibility from Apple has harmed security and privacy by forcing such architectural quagmires. Ergo, if you care about this kind of functionality it is really Apple and LinkedIn we need to be demanding more from — user experience is great, but it has to be carefully balanced with security too.
You can find more details on the clever but scary technical implementation here. Cool though LinkedIn Intro is, I for one will be giving this a miss. What do you think? Is the functionality in LinkedIn Intro useful and worthwhile even if the implementation leaves much to be desired? Should Apple help them do this right? Let me know what you think (you could go for irony and use LinkedIn).