Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Security experts warn against using LinkedIn app for Apple iPhone

Antone Gonsalves | Oct. 29, 2013
App embeds link to an email sender's profile and could compromise security of the device

LinkedIn also said the iOS device's security profile is not changed, as Fox contended. Instead, the Intro service adds an email account to communicate to its server.

"The profile also sets up a certificate to communicate with the Intro Web endpoint through a Web shortcut on the device," LinkedIn said.

Security consultancy iSEC Partners performed a line-by-line code review of Intro's credential handling and mail parsing/insertion code, LinkedIn said.

"When the LinkedIn security team was presented with the core design of Intro, we made sure we built the most secure implementation we believed possible," the company said.

LinkedIn has suffered security breaches before. Last year, 6.5 million member passwords taken from a LinkedIn server were posted on a Russian hacker forum. The passwords were easily decrypted because the company had used only a rudimentary hashing algorithm that was far weaker than the industry standard.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.