Earlier today LinkedIn launched a new iPad app and what appeared to be a pretty slick feature for iOS Mail called Intro. It presents the a profile of email senders right within the body of the message, with more details available on a tap — in a similar manner to other email tools like Rapportive.
Intro appears to deliver all of the details of your contacts to your fingertips in a nifty interface. It’s also a spectacularly bad idea for you to activate this feature.
See, iOS Mail does not have an official extensible framework. Apple does not provide any APIs or frameworks to developers that would allow this kind of modification of its interface. Instead, LinkedIn is acting as a ‘man in the middle’ by intercepting (with your permission) your email and injecting HTML code into it that enables a style sheet to pop open over your content, containing an extended profile that offers information on positions held, connections and a bunch of other stuff.
The implementation, explained in a LinkedIn blog post, is pretty admirable from an engineering perspective. As ‘hacks’ go, this is a really clever solution to Apple’s fairly restrictive Mail.app policies.
But when you dig into the methods that LinkedIn is using to enable Intro, it becomes clear that this is a much more sticky proposition than it appears. Right off the bat, the installation process requires that you install a configuration profile that contains a set of signing certificates and an encrypted profile. Then it asks for your email username and password, unless it’s a Gmail account in which case the more secure Oauth method is used — which requires no password given to LinkedIn. Those enable LinkedIn to (presumably securely) obtain permission to act as a middle man between you and your email provider.
This proxy server is what is used to intercept (yes, as in grab, open and modify) your email and inject the code that makes Intro possible. There don’t appear to be any humans involved in the process, and one would pray that your email contents remain un-readable somehow but I’m not sure how that’s possible. The ‘top bar’ that enables the feature is not a field or part of the header, it’s additional content that gets inserted into the body of the email.
LinkedIn appears to confirm that this is how this works. “We understand that operating an email proxy server carries great responsibility. We respect the fact that your email may contain very personal or sensitive information, and we will do everything we can to make sure that it is safe,” the section on security reads, along with a link to LinkedIn’s ‘pledge of privacy’.
That’s all well and good, and it’s fair to state flat-out at this point that I truly believe that the engineers at LinkedIn that created this hack are both insanely clever and really interested in giving you a cool way to access LinkedIn data. I find it highly unlikely that there is any malicious intent here. Instead, it’s simply a really clever solution to a problem that exists for a reason. Apple provides configuration profiles with email and encryption certificates for organizations that want to improve security, not companies that are enabling people to willfully compromise the integrity of their email stores.
Mail isn’t extensible because Apple wants to make sure that the sandboxed nature of its apps protects a user from code that could execute outside the mailbox. Because it’s actually handling your email outside of the device, LinkedIn is breaking no rules of Apple or anyone else that we know of. It’s simply re-purposed Apple’s provisioning profiles and Mail.app’s ability to display HTML and CSS to hack in a new feature.
Unfortunately, that feature relies on handing over access to your email to a third-party — LinkedIn. That’s just never a good idea if you can avoid it, and may actually be against many corporate IT policies (I can guarantee it actually). Those corporate clients who have sensitive email that should never be transmitted via a proxy server probably have a fairly high overlap with the types of professionals targeted by LinkedIn with ‘Intro’.
LinkedIn likely has zero interest in bringing on the storm of crap that would come along with accessing your email, but once you insert a middle man, you’re adding a vulnerability to your email chain. Another point of failure that could be taken advantage of by an enterprising hacker. A spoofed certificate served via a phishing site that emulates the LinkedIn Intro installation wizard is one possibility that pops to mind.
Even if you aren’t one of these corporate clients, adding in an interstitial proxy server that even temporarily handles your email is not a good idea. Especially if the company who runs the server has been the victim of an enormous data theft hack which claimed some 6.5M passwords and was shown to be transmitting emails, names and notes from your calendar in plain text. Both of which occurred in the last 18 months. I’m just not sure that ‘everything we can’ is good enough in this case.
Image Credit: TAKA@P.P.R.S / Flickr CC
Similar Articles: Marilyn Manson Kaepernick Richard Sherman Wrecking Ball jets
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.