LinkedIn Intro is a new tool that attaches profile information about a sender when you receive an email from them. It works with most popular email services, including Gmail, Yahoo, AOL, iCloud, and Google Apps.
When the tool launched last week, security researchers described it as inherently insecure because it basically intercepts emails in order to integrate LinkedIn info into them.
LinkedIn has since assured its users that the company explored every possible method of attack and did everything it could to protect the tool from those attacks. Email moving through the system, LinkedIn says, is heavily encrypted and stored only for a short period of time.
It’s worth noting, though, that the email tool Rapportive does essentially the same thing as LinkedIn Intro: it syncs with your Gmail account to provide rich contact information from services like Facebook, LinkedIn, and Twitter.
Here’s LinkedIn’s full statement:
This blog post is intended to provide more information and address inaccurate assertions that have been made as a result of a product we launched on Wednesday called LinkedIn Intro. Many things have been said about the product implementation that are not correct or are purely speculative, so this post is intended to clear up these inaccuracies and misperceptions.
When the LinkedIn Security team was presented with the core design of Intro, we made sure we built the most secure implementation we believed possible. We explored numerous threat models and constantly challenged each other to consider possible threat scenarios. Here are some of the actions we took in advance of the launch:
- We isolated Intro in a separate network segment and implemented a tight security perimeter across trust boundaries.
- We performed hardening of the externally and internally-facing services and reduced exposure to third-party monitoring services and tracking.
- We also had iSEC Partners, a well-respected security consultancy, perform a line-by-line code review of the credential handling and mail parsing/insertion code.
- Our internal team of experienced testers also penetration-tested the final implementation, and we worked closely with the Intro team to make sure identified vulnerabilities were addressed.
- We made sure we have the right monitoring in place to detect any potential attacks, react quickly, and immediately minimize exposure.
- All communications use SSL/TLS at each point of the email flow between the device, LinkedIn Intro, and the third-party mail system. When mail flows through the LinkedIn Intro service, we make sure we never persist the mail contents to our systems in an unencrypted form. And once the user has retrieved the mail, the encrypted content is deleted from our systems.
- We worked to help ensure that the impact of the iOS profile is not obtrusive to the member. It’s important to note that we simply add an email account that communicates with Intro. The profile also sets up a certificate to communicate with the Intro web endpoint through a web shortcut on the device. We do not change the device’s security profile in the manner described in a blog post that was authored by security firm Bishop Fox on Thursday.
After having been a member of the security community for more than 15 years, I understand that healthy scepticism and speculation towards worst-case scenarios are an important part of the security discipline; however, we felt, in this case, it was necessary to correct the misperceptions. We welcome and encourage an open dialogue about the risks that are present in all Internet-based services that handle electronic mail and other sensitive data.
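The statement’s last bullet says the iOS profile only adds a mail account, installs a certificate for the Intro endpoint, and adds a web shortcut. A practical way to check a claim like that is to open the configuration profile and enumerate exactly which payloads it carries, flagging the ones that widen device trust or control (root CAs, MDM enrollment, global proxies, VPNs). The following is an added example, not LinkedIn’s or Bishop Fox’s code: it parses an unsigned .mobileconfig (an Apple property list) with the standard library and summarizes its payloads. The profiles it inspects are constructed here for illustration, with `.example.invalid` hostnames; the PayloadType identifiers are Apple’s, and the profile is assumed to be unsigned (a signed profile is CMS-wrapped and must be unwrapped first, for example with `openssl smime`).

```python
import plistlib

# Apple-defined PayloadType identifiers mapped to a short description.
PAYLOAD_LABELS = {
    "com.apple.mail.managed": "mail account",
    "com.apple.webClip.managed": "web clip (home-screen shortcut)",
    "com.apple.security.pkcs1": "certificate (PKCS#1)",
    "com.apple.security.pkcs12": "identity (PKCS#12)",
    "com.apple.security.root": "root CA certificate",
    "com.apple.mdm": "MDM enrollment",
    "com.apple.vpn.managed": "VPN configuration",
    "com.apple.proxy.http.global": "global HTTP proxy",
}

# Payloads that change what the device trusts or who controls it; a profile
# described as "just a mail account" should contain none of these.
HIGH_IMPACT = {
    "com.apple.security.root",
    "com.apple.mdm",
    "com.apple.vpn.managed",
    "com.apple.proxy.http.global",
}


def summarize_profile(profile_bytes):
    """Return what an unsigned .mobileconfig would install on the device."""
    root = plistlib.loads(profile_bytes)
    summary = {
        "name": root.get("PayloadDisplayName"),
        "removal_disallowed": bool(root.get("PayloadRemovalDisallowed", False)),
        "payloads": [],
        "high_impact": [],
        "mail_servers": [],
    }
    for payload in root.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "unknown")
        summary["payloads"].append(PAYLOAD_LABELS.get(ptype, ptype))
        if ptype in HIGH_IMPACT:
            summary["high_impact"].append(ptype)
        if ptype == "com.apple.mail.managed":
            # Record where mail is routed and whether each hop uses TLS.
            summary["mail_servers"].append({
                "incoming": payload.get("IncomingMailServerHostName"),
                "incoming_tls": bool(payload.get("IncomingMailServerUseSSL", False)),
                "outgoing": payload.get("OutgoingMailServerHostName"),
                "outgoing_tls": bool(payload.get("OutgoingMailServerUseSSL", False)),
            })
    return summary


def build_profile(name, payloads, removal_disallowed=False):
    """Assemble a minimal unsigned profile; constructed sample input only."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "example.invalid." + name,
        "PayloadUUID": "00000000-0000-0000-0000-00000000000a",
        "PayloadDisplayName": name,
        "PayloadRemovalDisallowed": removal_disallowed,
        "PayloadContent": payloads,
    })


# Constructed payloads (hostnames are placeholders, not real endpoints).
MAIL_PAYLOAD = {
    "PayloadType": "com.apple.mail.managed", "PayloadVersion": 1,
    "PayloadIdentifier": "example.invalid.mail",
    "PayloadUUID": "00000000-0000-0000-0000-00000000000b",
    "EmailAccountDescription": "Proxied mail (constructed)",
    "IncomingMailServerHostName": "imap-proxy.example.invalid",
    "IncomingMailServerUseSSL": True,
    "OutgoingMailServerHostName": "smtp-proxy.example.invalid",
    "OutgoingMailServerUseSSL": True,
}
WEBCLIP_PAYLOAD = {
    "PayloadType": "com.apple.webClip.managed", "PayloadVersion": 1,
    "PayloadIdentifier": "example.invalid.webclip",
    "PayloadUUID": "00000000-0000-0000-0000-00000000000c",
    "URL": "https://intro-endpoint.example.invalid/", "Label": "Constructed clip",
}
ROOT_CA_PAYLOAD = {
    "PayloadType": "com.apple.security.root", "PayloadVersion": 1,
    "PayloadIdentifier": "example.invalid.rootca",
    "PayloadUUID": "00000000-0000-0000-0000-00000000000d",
    "PayloadContent": b"\x30\x00",  # placeholder, not a real DER certificate
}

# A profile matching the description in the statement, and one that overreaches.
PROFILE_MAIL_ONLY = build_profile("mail-only", [MAIL_PAYLOAD, WEBCLIP_PAYLOAD])
PROFILE_OVERREACHING = build_profile(
    "overreaching", [MAIL_PAYLOAD, ROOT_CA_PAYLOAD], removal_disallowed=True)

if __name__ == "__main__":
    for blob in (PROFILE_MAIL_ONLY, PROFILE_OVERREACHING):
        print(summarize_profile(blob))
```

The point of the check is the `high_impact` and `removal_disallowed` fields: a mail-proxy profile should install a mail account, optionally a web clip and a leaf certificate, and nothing that adds a trusted root or hands over device management; if those fields are non-empty, the profile does more than the vendor’s description says.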