Is LinkedIn’s New “Intro” Feature Safe?

LinkedIn has introduced a new feature to its IOS application called Intro. Intro enables users to route their email through LinkedIn and get an email sender’s/receiver’s profile information. According to LinkedIn, the feature helps IPad/IPhone users become more familiar with their email partners. But many security experts agree that the new feature is potentially dangerous to personal privacy and corporate data. 

LinkedIn’s Intro accomplishes its task by configuring all of a user’s email traffic to go through LinkedIn’s servers. Where LinkedIn analyzes emails for data about the user, their company, and the people they are communicating with in the email. The application does not distinguish between private and corporate email accounts and routes all accounts that the user may have connected to their IOS device.

According to security industry blogger and researcher Graham Cluley, "LinkedIn also scooped up the contents of users' iOS calendars, including sensitive information such as confidential meeting notes and call-in numbers, which they then transmitted in plain text, not encrypted." Other researchers believe that LinkedIn’s new feature may actually create issues with encrypted emails, because it attaches its own cryptographic signatures when it rewrites and sends your email out from its servers.

In the security industry we see this type of activity performed quite often by hackers and refer to it as a "Man-in-the-Middle” (MITM) attack. So you may want to think twice before installing it on your IPad or IPhone.