Earlier today LinkedIn launched a new iPad app and what appeared to be a pretty slick feature for iOS Mail called Intro. It presents a profile of email senders right within the body of the message, with more details available with a single tap. It works like other email tools such as Rapportive.
Intro appears to deliver contact details in a nifty interface. It's also a spectacularly bad idea.
See, iOS Mail does not have an official extensible framework. Apple does not provide any APIs or frameworks to developers that would allow this kind of modification of its interface. Instead, LinkedIn is acting as a "man in the middle" by intercepting (with your permission) your email and injecting HTML code into it that enables a style sheet to pop open over your content, containing an extended profile and information on positions held, connections and a bunch of other stuff.
The implementation, explained in a LinkedIn blog post, is pretty admirable from an engineering perspective. As "hacks" go, this is a really clever solution to Apple's fairly restrictive Mail.app policies.
But when you dig into the methods that LinkedIn is using to enable Intro, it becomes clear that this is a stickier proposition than it appears. Right off the bat, the installation process requires that you add a configuration profile that contains a set of signing certificates. Then it asks for your email username and password (unless it's a Gmail account, in which case the more secure OAuth method is used, which requires no password access for LinkedIn). Those enable LinkedIn to (presumably securely) obtain permission to act as a middle man between you and your email provider.
This proxy server is what is used to intercept (yes, as in grab, open and modify) your email and inject the code that makes Intro possible. Apparently there aren't any humans involved in the process, and one would pray that your email contents remain un-readable somehow but I'm not sure how that's possible. The "top bar" that enables the feature is not a field or part of the header, it's additional content that gets inserted into the body of the email.
LinkedIn seems to agree that this is how this works.
"We understand that operating an email proxy server carries great responsibility. We respect the fact that your email may contain very personal or sensitive information, and we will do everything we can to make sure that it is safe," the section on security reads, along with a link to LinkedIn's "pledge of privacy".
That's all well and good, and it's fair to state flat-out at this point that I truly believe that the engineers at LinkedIn that created this hack are both insanely clever and really interested in giving you a cool way to access LinkedIn data. I find it highly unlikely that there is any malicious intent here. Instead, it's simply a really clever solution to a problem that exists for a reason. Apple provides configuration profiles with email and encryption certificates for organizations that want to improve security, not companies that are enabling people to willfully compromise the integrity of their email stores.
Mail isn't extensible because Apple wants to make sure that the sandboxed nature of its apps protects a user from code that could execute outside the mailbox. Because it's actually handling your email outside of the device, LinkedIn is breaking none of Apple's rules. It's simply re-purposed Apple's provisioning profiles and Mail.app's ability to display HTML and CSS to hack in a new feature.
Unfortunately, that feature relies on handing over access to your email to a third party: LinkedIn. That's just never a good idea and may actually be against many corporate IT policies (I can guarantee it actually). Those corporate clients who have sensitive email that should never be transmitted via a proxy server probably have a fairly high overlap with the types of professionals targeted by LinkedIn with "Intro."
LinkedIn likely has zero interest in bringing on the storm of crap that would come along with accessing your email, but once you insert a middle man, you're adding a vulnerability to your email chain. A spoofed certificate served via a phishing site that emulates the LinkedIn Intro installation wizard is one possibility that pops to mind.
Even if you aren't one of these corporate clients, adding in an interstitial proxy server that even temporarily handles your email is not a good idea, especially if the company who runs the server has been the victim of an enormous data theft hack which nabbed some 6.5M passwords and was shown to be transmitting emails, names and notes from your calendar in plain text. Both of which occurred in the last 18 months. I'm just not sure that LinkedIn doing "everything we can" to keep us safe is good enough in this case.
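Since the whole arrangement starts with installing a configuration profile, one practical check is to inspect a profile before accepting it. The following is an added example, not LinkedIn's or Apple's code: it lists certificate payloads and mail-server hostnames that fall outside the domains you expect. It assumes an unsigned `.mobileconfig` (a signed one must have its CMS wrapper removed first), and the sample profile, hostnames and `audit_profile` helper are constructed for illustration.

```python
import plistlib

# Apple configuration profile PayloadType values for certificate and mail payloads.
CERT_TYPES = {"com.apple.security.root", "com.apple.security.pkcs1",
              "com.apple.security.pem", "com.apple.security.pkcs12"}
MAIL_TYPE = "com.apple.mail.managed"
HOST_KEYS = ("IncomingMailServerHostName", "OutgoingMailServerHostName")


def is_trusted(host, suffixes):
    """True if host equals, or is a subdomain of, one of the expected domains."""
    return any(host == s or host.endswith("." + s) for s in suffixes)


def audit_profile(data, trusted_suffixes):
    """Return (kind, detail, value) findings for an unsigned .mobileconfig plist."""
    findings = []
    for payload in plistlib.loads(data).get("PayloadContent", []):
        ptype = payload.get("PayloadType", "")
        if ptype in CERT_TYPES:
            # Certificate payloads add trust anchors or identities to the device.
            findings.append(("certificate", ptype,
                             payload.get("PayloadDisplayName", "(unnamed)")))
        elif ptype == MAIL_TYPE:
            # Mail servers outside the user's own provider mean mail is relayed.
            for key in HOST_KEYS:
                host = payload.get(key, "").lower().rstrip(".")
                if host and not is_trusted(host, trusted_suffixes):
                    findings.append(("mail-host", key, host))
    return findings


# Constructed sample profile (hypothetical hosts, placeholder certificate bytes).
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [
        {"PayloadType": "com.apple.security.root",
         "PayloadDisplayName": "Constructed CA",
         "PayloadContent": b"placeholder-not-a-certificate"},
        {"PayloadType": "com.apple.mail.managed",
         "IncomingMailServerHostName": "imap.proxy.example",
         "OutgoingMailServerHostName": "smtp.proxy.example"},
    ],
})

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE, ("mailprovider.example",)):
        print(finding)
```

Pass the domains of your actual mail provider as `trusted_suffixes`; any certificate payload is always reported so it can be reviewed by hand.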
Image Credit: TAKA@P.P.R.S / Flickr CC