Linkedin “Intro” iOS app…slurp slurp slurping ur emails sitting on our servers

Bishop Fox (formerly Stach & Liu), a very well respected ICT security firm, has some issues with Linkedin and their latest app offering called Intro. It seems that there is a bit of a risk using this app as it forces all your iOS based device emails to go through Linkedin servers.

http://www.bishopfox.com/blog/2013/10/linkedin-intro/

If the findings of Bishop Fox are correct the implications for any data reliant business could be quite severe. Even if it is only the metadata they are looking at, it is still a gross invasion of privacy and in terms of regulatory compliance could well spell trouble as well.

This is why, when looking at new business practices like “bring your own device”, there are inherent risks that the business needs to be aware of. In this case it isn’t even a BYOD issue. It is one of trust being possibly hugely violated by Linkedin. When you look implementing new technologies there are reasons why you test the technology, understand the technology in some depth, understand the implications of the technology and security surrounding the technology.

Just sitting back and hitting next on the installer without some research is a path to pain.

And a possible violation of your organisations ICT policies.

I would also suggest looking into suitable data/email encryption  technologies as a standard business practice.

Advertisements