Late last month, LinkedIn launched a new service called Intro that, in a matter of days, has added plenty of fuel to the convenience vs. security-and-privacy fires.
You see, LinkedIn Intro dangles the carrot of public cloud convenience: By showing LinkedIn profiles in the iPhone/iPad Mail app, Intro instantly delivers up all manner of info about the unfamiliar name appearing in your inbox — what the sender looks like, what he does, where he’s based. And it works both ways — for mail received and sent.
“This is a rich, interactive, application-like experience — right in your iPhone Mail app,” LinkedIn’s website declares. “You can see a summary … strongest mutual connections … occupations, past and current, and their full descriptions. … With Intro, you can craft the perfect response.”
LinkedIn in the middle
Trouble is, as any number of security experts were quick to point out, LinkedIn resorted to man-in-the-middle attack techniques to pull it off.
What does this mean? Once Intro is installed on a device, all that device’s emails (sent as well as received, metadata and content alike) are redirected through LinkedIn’s servers, where the data can be analyzed — and, potentially, compromised.
LinkedIn quickly responded to the discovery of Intro flaws and issues with both corrections and clarifications — e.g., disabling SSLv2 (use of which violates standards like PCI DSS). LinkedIn has explained that Intro does not alter existing profiles; instead, it installs a new one that does nothing malicious. Also, Intro’s servers, which are hardened and have been penetration tested, do require SSL/TLS encryption and encrypt transmission of credentials and data.
The cost of convenience
Problems persist, however:
- Tempting hackers. Intro’s new profile can be configured to take administrative actions on an iPhone or iPad. (Indeed, it’s common for enterprises to use Apple configuration profiles to track and remotely control mobile devices.) In the words of one security analysis firm , Intro profiles “have the potential to be a phantom menace.” This makes Intro quite alluring for hackers.
- Intro adds risk by changing the content of your emails. Specifically, Intro adds a signature to outgoing emails and profile data to incoming emails. This may mess up both cryptographic signatures and encrypted email content.
- Legal vulnerabilities. For instance, privileged communications (between doctor and patient, lawyer and client, etc.) can lose that status if you fail to keep messages confidential — by, say, allowing a third party like LinkedIn to access privileged email.
- Intro may violate corporate security policy. How does your security policy address disclosure of sensitive data? If it says anything like “Do not share sensitive data with third parties,” beware of Intro.
When you have concerns about the risks that technology presents to your business, don’t try to go it alone. Instead, seek out an experienced advisor you can trust.
Because with freebies like LinkedIn, it’s important to remember that (paraphrasing security pioneer Bruce Schneier) you’re not the customer — you’re the product.
